fix(blogs): add rel=noopener noreferrer to external links#324
fix(blogs): add rel=noopener noreferrer to external links#324Pranav-IIITM wants to merge 1 commit into
Conversation
Signed-off-by: Pranav-IIITM <jogdandpranav2007@gmail.com>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
✅ Deploy Preview for kmesh-net ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
There was a problem hiding this comment.
Code Review
This pull request adds the 'rel="noopener noreferrer"' attribute to author links in the Blogs component to improve security when opening links in a new tab. The reviewer correctly identified that the mapped anchor elements are missing a unique 'key' prop, which is a React best practice, and provided a code suggestion to resolve this.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
There was a problem hiding this comment.
Pull request overview
This PR addresses a security vulnerability in the Blogs component by ensuring external author links opened with target="_blank" also include rel="noopener noreferrer", mitigating reverse tabnapping and aligning behavior with the existing CNCFInfo component.
Changes:
- Add
rel="noopener noreferrer"to the external author link insrc/components/Blogs/index.js. - Bring
Blogsexternal-link handling in line withCNCFInfo.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
@nlgwcy @yashisrani Please review the PR !! |
|
/lgtm |
Summary
The
Blogscomponent was opening external author links in a new tab usingtarget="_blank"without therel="noopener noreferrer"attribute, exposing the site to reverse tabnapping attacks. This PR adds the missing attribute, bringing theBlogscomponent in line with theCNCFInfocomponent which already handles this correctly.Closes #323
Changes Made
src/components/Blogs/index.jsWhy It Matters
window.openerand redirect the original page to a malicious URLnoreferrerstops the browser from sending theRefererheader, preventing the origin URL from leaking to external sitesnoopenerensures the new tab runs in a separate process, improving performance in some browsersBlogscomponent in line with theCNCFInfocomponent which already usesrel="noopener noreferrer"correctlyReferences
Checklist
rel="noopener noreferrer"added to all affected external linksCNCFInfocomponent handles external links