Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Add rel='noopener' to all external links #10290

Merged
merged 1 commit into from
Aug 8, 2017
Merged

Add rel='noopener' to all external links #10290

merged 1 commit into from
Aug 8, 2017

Conversation

voldemortensen
Copy link
Contributor

@voldemortensen voldemortensen commented Aug 4, 2017
edited by bsclifton
Loading

To avoid tab-nabbing attacks, all external links with
target='_blank' must have rel='noopener'

Fix #9743

Submitter Checklist:

  • Submitted a ticket for my issue if one did not already exist.
  • Used Github auto-closing keywords in the commit message.
  • Added/updated tests for this change (for new code or code which already has tests).
  • Ran git rebase -i to squash commits (if needed).
  • Tagged reviewers and labelled the pull request as needed.
    (I couldn't find a list of people to tag, although I did read the pull request process page.)

Test Plan:
See #10290 (comment)

Reviewer Checklist:

Tests

  • Adequate test coverage exists to prevent regressions
  • Tests should be independent and work correctly when run individually or as a suite ref
  • New files have MPL2 license header

@voldemortensen
Copy link
Contributor Author

Hmm.. I'll take a look at the failing tests.

@luixxiul
Copy link
Contributor

luixxiul commented Aug 5, 2017

@voldemortensen there are some failing tests and you don't have to try to fix them unless you introduced new ones with your PR.

@luixxiul luixxiul added this to the 0.21.x (Nightly Channel) milestone Aug 5, 2017
@luixxiul luixxiul requested a review from diracdeltas August 6, 2017 12:28
@bsclifton bsclifton requested a review from darkdh August 7, 2017 21:32
@bsclifton
Copy link
Member

Adding @darkdh for review too 😄

diracdeltas
diracdeltas approved these changes Aug 7, 2017
View reviewed changes
Copy link
Member

@diracdeltas diracdeltas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for submitting this!

@voldemortensen
Copy link
Contributor Author

My pleasure! I'll definitely be contributing more. I love the ideas around this browser.

@voldemortensen @bsclifton
Add rel='noopener' to all external links
2325cb2 
To avoid tab-nabbing attacks, all external links with
target='_blank' must have rel='noopener'

Fix #9743
@bsclifton bsclifton merged commit 8c7b531 into brave:master Aug 8, 2017
@bsclifton
Copy link
Member

Awesome, thanks for the contribution @voldemortensen! 😄 As a follow up, would you be able to add some QA steps (ex: which screens to visit)?

@voldemortensen
Copy link
Contributor Author

Absolutely

@voldemortensen
Copy link
Contributor Author

QA steps:

Visit a new tab

  • Check the photographers link in bottom left corner.

Visit the torrent viewer page

  • Check the link to webtorrent.io.
  • View a torrent and check the link to download the file.

Visit the about Brave page

  • Check the Brave release notes link
  • Check the link to the github commit revision

Visit the Sync page

  • Check the question mark link that goes to github

Visit the Payments tab

  • Check link to each partner
  • Check both links to the Brave FAQ page

Activate payments

  • Check payment history links

Visit Bitcoin page

  • Check links to iOS and Android apps
  • Check exchange link
  • Check ledger data links

(I think I got everything)

@luixxiul
Copy link
Contributor

luixxiul commented Aug 8, 2017

@voldemortensen perfect! thanks for the steps :-)

@diracdeltas diracdeltas mentioned this pull request Aug 8, 2017
Closed
@darkdh
Copy link
Member

darkdh commented Aug 8, 2017

++

@luixxiul luixxiul mentioned this pull request Aug 11, 2017
Merged
8 tasks
@luixxiul luixxiul mentioned this pull request Aug 20, 2017
Closed
@bbondy bbondy modified the milestones: 0.21.x (Developer Channel), 0.20.x (Beta Channel) Oct 25, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@diracdeltas diracdeltas diracdeltas approved these changes

@darkdh darkdh Awaiting requested review from darkdh

Assignees

@voldemortensen voldemortensen

Labels
QA/test-plan-specified release-notes/include security
Projects
None yet
Milestone
0.20.x (Release Channel)
Development

Successfully merging this pull request may close these issues.
6 participants
@voldemortensen @luixxiul @bsclifton @darkdh @diracdeltas @bbondy