mitigate against browser phishing

[lauraGgit]

Description

Include a high-level description of the issue your pull request fixes; include only one issue per pull request. Link to the GitHub issue it resolves.

Additional information

Include any of the following (as necessary):

• Relevant research and support documents
• Screenshot images
• Notes

[codecov-commenter]

Codecov Report

Merging #1385 (c82c7f3) into main (0413874) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #1385   +/-   ##
=======================================
  Coverage   90.08%   90.08%           
=======================================
  Files          51       51           
  Lines        2280     2280           
=======================================
  Hits         2054     2054           
  Misses        226      226           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0413874...c82c7f3. Read the comment docs.

[neilmb]

I'm assuming that this is the result of grepping for target=_blank, but all of these look good. The Dockerfile and plotly.js changes seem unrelated to the intent of the PR. Do those need to stay?

[lauraGgit]

@neilmb the plotly changes were also the result of the grep to add the norel attribut. We might consider trying to improve that upstream.

The Dockerfile change was because the dockerfile update was breaking local development since the Pipfile.lock wasn't happy with conflicting python versions and the deployed version I believe is at 3.9.