Skip to content

fix(blogs): add rel=noopener noreferrer to external links#324

Open
Pranav-IIITM wants to merge 1 commit into
kmesh-net:mainfrom
Pranav-IIITM:fix/blogs-external-link-security
Open

fix(blogs): add rel=noopener noreferrer to external links#324
Pranav-IIITM wants to merge 1 commit into
kmesh-net:mainfrom
Pranav-IIITM:fix/blogs-external-link-security

Conversation

@Pranav-IIITM

Copy link
Copy Markdown

Summary

The Blogs component was opening external author links in a new tab using target="_blank" without the rel="noopener noreferrer" attribute, exposing the site to reverse tabnapping attacks. This PR adds the missing attribute, bringing the Blogs component in line with the CNCFInfo component which already handles this correctly.

Closes #323

Changes Made

src/components/Blogs/index.js

- <a href={item.url} target="_blank">
+ <a href={item.url} target="_blank" rel="noopener noreferrer">

Why It Matters

  • Security — Prevents reverse tabnapping attacks where a newly opened tab could access window.opener and redirect the original page to a malicious URL
  • Privacynoreferrer stops the browser from sending the Referer header, preventing the origin URL from leaking to external sites
  • Performancenoopener ensures the new tab runs in a separate process, improving performance in some browsers
  • Consistency — Brings the Blogs component in line with the CNCFInfo component which already uses rel="noopener noreferrer" correctly

References

Checklist

  • rel="noopener noreferrer" added to all affected external links
  • No existing functionality or styling affected
  • Consistent with how CNCFInfo component handles external links

Signed-off-by: Pranav-IIITM <jogdandpranav2007@gmail.com>
Copilot AI review requested due to automatic review settings June 29, 2026 16:22
@kmesh-bot

Copy link
Copy Markdown
Collaborator

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign jayesh9747 for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@netlify

netlify Bot commented Jun 29, 2026

Copy link
Copy Markdown

Deploy Preview for kmesh-net ready!

Name Link
🔨 Latest commit 76ac712
🔍 Latest deploy log https://app.netlify.com/projects/kmesh-net/deploys/6a429be4ef95b200087d639e
😎 Deploy Preview https://deploy-preview-324--kmesh-net.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds the 'rel="noopener noreferrer"' attribute to author links in the Blogs component to improve security when opening links in a new tab. The reviewer correctly identified that the mapped anchor elements are missing a unique 'key' prop, which is a React best practice, and provided a code suggestion to resolve this.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread src/components/Blogs/index.js

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses a security vulnerability in the Blogs component by ensuring external author links opened with target="_blank" also include rel="noopener noreferrer", mitigating reverse tabnapping and aligning behavior with the existing CNCFInfo component.

Changes:

  • Add rel="noopener noreferrer" to the external author link in src/components/Blogs/index.js.
  • Bring Blogs external-link handling in line with CNCFInfo.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@Pranav-IIITM

Copy link
Copy Markdown
Author

@nlgwcy @yashisrani Please review the PR !!

@yashisrani

Copy link
Copy Markdown
Contributor

/lgtm

@kmesh-bot kmesh-bot added the lgtm label Jun 29, 2026
@jayesh9747 jayesh9747 added this pull request to the merge queue Jul 4, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to no response for status checks Jul 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Security] Add rel="noopener noreferrer" to external links in Blogs component

4 participants