You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by GitBox <gi...@apache.org> on 2021/09/01 16:15:22 UTC

[GitHub] [zeppelin] CrynetLogistics commented on pull request #4212: [ZEPPELIN-5395] Address tab nabbing vulnerability

CrynetLogistics commented on pull request #4212:
URL: https://github.com/apache/zeppelin/pull/4212#issuecomment-910439230


   Thank you. Changes LGTM.
   
   Just wondering why the addition of `noreferrer` `noopener` was not added for the following:
   * `docs/interpreter/cassandra.md`... lines 166, 175, 184 (just wondering since `docs/interpreter/jdbc.md` has been treated)
   * `zeppelin-web/src/app/home/home.html`... lines 60, 67, 69, 71 (is the reason that the links are to `github.com` and `apache.org` and we definitely trust those websites forever?
   * `zeppelin-web-angular/src/app/pages/workspace/interpreter/item/item.component.html`... lines 98, 328 (is it because an Angular plugin is used to automatically add these tags at transpile time?)
   * and a few other minor similar examples that broadly follow the above 3 categories...


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@zeppelin.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org