[fix] window.open에 noopener,noreferrer 옵션 추가

[seongwon030]

#️⃣연관된 이슈

ex) #821

📝작업 내용

noreferer, noopener 정리

새 탭을 열기 위해 window.open을 사용할 시, 특히 _blank를 사용할 경우에 일어나는 문제를 정리했습니다.

중점적으로 리뷰받고 싶은 부분(선택)

리뷰어가 특별히 봐주었으면 하는 부분이 있다면 작성해주세요

ex) 메서드 XXX의 이름을 더 잘 짓고 싶은데 혹시 좋은 명칭이 있을까요?

논의하고 싶은 부분(선택)

논의하고 싶은 부분이 있다면 작성해주세요.

🫡 참고사항

Summary by CodeRabbit

릴리스 노트

• 버그 수정
  • 패치 노트 링크 열기 시 보안 기능이 강화되었습니다. 외부 링크 열기에 보안 파라미터가 추가되어 더 안전한 환경에서 패치 노트를 확인할 수 있습니다.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
moadong	Ready	Preview	Comment	Nov 9, 2025 10:51am

[coderabbitai]

Warning

.coderabbit.yaml has a parsing error

The CodeRabbit configuration file in this repository has a parsing error and default settings were used instead. Please fix the error(s) in the configuration file. You can initialize chat with CodeRabbit to get help with the configuration file.

💥 Parsing errors (1)

Validation error: Invalid regex pattern for base branch. Received: "**" at "reviews.auto_review.base_branches[0]"

⚙️ Configuration instructions

• Please see the configuration documentation for more information.
• You can also validate your configuration using the online YAML validator.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Walkthrough

외부 탭을 열 때 보안 기능을 강화하기 위해 window.open() 호출에 'noopener,noreferrer' 파라미터를 추가했습니다. 패치 노트 클릭 핸들러의 세 번째 인수를 수정하여 새 창이 원본 창에 접근하는 것을 방지합니다.

Changes

Cohort / File(s)	Change Summary
보안 기능 추가 frontend/src/hooks/Header/useHeaderNavigation.ts	handlePatchNoteClick의 window.open() 호출에 'noopener,noreferrer' features 문자열 추가

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title clearly describes the main change: adding 'noopener,noreferrer' options to window.open, which matches the core modification in the changeset.
Linked Issues check	✅ Passed	The code change implements the MOA-311 requirement by adding 'noopener,noreferrer' features to window.open in handlePatchNoteClick, fulfilling the checklist item to add rel attributes when opening new tabs.
Out of Scope Changes check	✅ Passed	The modification is limited to adding security features to a single window.open call, which is directly aligned with the linked issue MOA-311 and contains no unrelated changes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/#821-add-rel-noopener-noreferer-MOA-311

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

frontend/src/hooks/Header/useHeaderNavigation.ts (1)

30-37: 보안 개선이 올바르게 적용되었습니다!

window.open에 'noopener,noreferrer' 옵션을 추가하여 reverse tabnabbing 공격을 방지하는 보안 개선이 적절하게 구현되었습니다. 철자도 올바르게 작성되었습니다 (noreferrer는 r이 3개).

선택적 개선 사항:

코딩 가이드라인에 따라 매직 스트링을 명명된 상수로 추출하는 것을 고려해보세요.

파일 상단에 상수를 정의:

+const EXTERNAL_LINK_FEATURES = 'noopener,noreferrer';
+
 const useHeaderNavigation = () => {

그리고 해당 상수를 사용:

   const handlePatchNoteClick = useCallback(() => {
     window.open(
       'https://honorable-cough-8f9.notion.site/1e8aad232096804f9ea9ee4f5cf0cd10',
       '_blank',
-      'noopener,noreferrer',
+      EXTERNAL_LINK_FEATURES,
     );

이렇게 하면 향후 다른 window.open 호출에서도 동일한 보안 옵션을 재사용할 수 있고, 일관성을 유지하기 쉬워집니다.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 0ea32d3 and dc6638a.

📒 Files selected for processing (1)

• frontend/src/hooks/Header/useHeaderNavigation.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

frontend/**/*.{ts,tsx}

📄 CodeRabbit inference engine (frontend/.cursorrules)

frontend/**/*.{ts,tsx}: Replace magic numbers with named constants for clarity.
Replace complex or nested ternary operators with if/else statements or IIFEs for readability.
Assign complex boolean conditions to named variables.
Use consistent return types for similar functions and hooks.
Avoid hidden side effects; functions should only perform actions implied by their signature (Single Responsibility Principle).
Use unique, descriptive names for custom wrappers and functions to avoid ambiguity.
Define constants near related logic or ensure names link them clearly.

Files:

• frontend/src/hooks/Header/useHeaderNavigation.ts

[lepitaaar]

새로운 부분 배웠습니다..