Resolve CodeQL alert 3 "Potentially unsafe external link" #6044

Closed
6 tasks done
Tracked by #5129
roslynwythe opened this issue Jan 3, 2024 · 8 comments · Fixed by #6362
Labels: Added to dev/pm agenda; Feature: Code Alerts; good first issue (Good for newcomers); P-Feature: Toolkit (https://www.hackforla.org/toolkit/); role: back end/devOps (Tasks for back-end developers); role: front end (Tasks for front end developers); size: 0.25pt (Can be done in 0.5 to 1.5 hours)
Comments

roslynwythe commented Jan 3, 2024

Prerequisite

  1. Be a member of Hack for LA. (There are no fees to join.) If you have not joined yet, please follow the steps on our Getting Started page.
  2. Before you claim or start working on an issue, please make sure you have read our How to Contribute to Hack for LA Guide.

Overview

We need to resolve the alert "Potentially unsafe external link", which CodeQL reports as alert 3 for a link that opens a new tab with target="_blank" but no rel attribute, by adding the attribute rel="noopener noreferrer".

Action Items

  • The following item is required for GitHub to establish tracking between this issue and the alert. No action is required. You may simply check the checkbox. If you do follow the link to learn more about CodeQL alerts, DO NOT DISMISS THE ALERT.
  • https://github.com/hackforla/website/security/code-scanning/3
  • Open the file _includes/current-guides.html in your IDE
  • Replace
<h3><a href="{{item.resource-url}}" target="_blank">{{ item.title }}</a></h3>

with

<h3><a href="{{item.resource-url}}"  target="_blank" rel="noopener noreferrer">{{ item.title }}</a></h3>
  • Using Docker, open the URL /toolkit and check that the page remains the same in mobile, tablet, and desktop views as on the current website (see item 2 in the Resources/Instructions section below). Check that the links "2FA Guide" and "Figma" are still functional.
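As an added example (not code from the hackforla/website repository), a small JavaScript check that flags every anchor in an include that opens a new tab without noopener/noreferrer, and rewrites it the way the action item above does. The sample HTML is constructed to resemble the include; the file is not read from the repository.

```javascript
// Added example (not code from hackforla/website): linter for the CodeQL
// "Potentially unsafe external link" pattern, an <a target="_blank"> without
// rel="noopener", which gives the new page a window.opener reference to the
// opening tab. Sample HTML is constructed to resemble current-guides.html.
const SAMPLE_HTML = `
<h3><a href="{{item.resource-url}}" target="_blank">{{ item.title }}</a></h3>
<p><a href="{{item.guide-url}}" target="_blank" rel="noopener noreferrer">Guide</a></p>
<p><a href="/toolkit">Internal link, no target, nothing to fix</a></p>
<h4><a href="{{item.other-url}}" target='_blank' rel="nofollow">Other</a></h4>
`;
const ANCHOR_RE = /<a\b([^>]*)>/gi;
const ATTR_RE = /([a-zA-Z:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

// Parses one tag's attribute text into a lowercase-keyed object.
function parseAttrs(attrText) {
  const attrs = {};
  for (const m of attrText.matchAll(ATTR_RE)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Unsafe when the anchor opens a new tab and rel has neither noopener nor
// noreferrer (noreferrer implies noopener in current browsers).
function isUnsafe(attrs) {
  if ((attrs.target || '').toLowerCase() !== '_blank') return false;
  const rel = (attrs.rel || '').toLowerCase().split(/\s+/);
  return !rel.includes('noopener') && !rel.includes('noreferrer');
}
// Returns [{ line, tag }] for every unsafe anchor in the file, so a fix
// covers all of them rather than only the one a single alert points at.
function findUnsafeLinks(html) {
  const hits = [];
  for (const m of html.matchAll(ANCHOR_RE)) {
    if (!isUnsafe(parseAttrs(m[1]))) continue;
    hits.push({ line: html.slice(0, m.index).split('\n').length, tag: m[0] });
  }
  return hits;
}

// Adds rel="noopener noreferrer" (extending an existing rel attribute);
// anchors that are already safe are returned unchanged.
function fixUnsafeLinks(html) {
  return html.replace(ANCHOR_RE, (tag, attrText) => {
    if (!isUnsafe(parseAttrs(attrText))) return tag;
    const relAttr = /\brel\s*=\s*(["'])([^"']*)\1/i;
    if (relAttr.test(tag)) return tag.replace(relAttr, (_, q, v) => `rel=${q}${v.trim()} noopener noreferrer${q}`);
    return tag.replace(/>$/, ' rel="noopener noreferrer">');
  });
}
```

Running findUnsafeLinks over the real include before opening a PR shows whether other anchors in the same file need the same change.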

Merge Team

Resources/Instructions

  1. GitHub CodeQL documentation
  2. Webpage: https://www.hackforla.org/toolkit
  3. This issue is part of Epic: Create issues to resolve CodeQL alerts 1- 24, 98 "Potentially unsafe external link" #5129
@roslynwythe roslynwythe added Feature Missing This label means that the issue needs to be linked to a precise feature label. size: missing role missing Complexity: Missing labels Jan 3, 2024


@roslynwythe roslynwythe added good first issue Good for newcomers Feature: Code Alerts size: 0.25pt Can be done in 0.5 to 1.5 hours P-Feature: Toolkit https://www.hackforla.org/toolkit/ role: front end Tasks for front end developers role: back end/devOps Tasks for back-end developers Ready for Prioritization and removed Feature Missing This label means that the issue needs to be linked to a precise feature label. size: missing role missing Complexity: Missing labels Jan 3, 2024
@ExperimentsInHonesty ExperimentsInHonesty added this to the 02. Security milestone Jan 23, 2024
@duojet2ez duojet2ez self-assigned this Jan 26, 2024

Hi @duojet2ez, thank you for taking up this issue! Hfla appreciates you :)

Do let fellow developers know about your:-
i. Availability: (When are you available to work on the issue/answer questions other programmers might have about your issue?)
ii. ETA: (When do you expect this issue to be completed?)

You're awesome!

P.S. - You may not take up another issue until this issue gets merged (or closed). Thanks again :)

@duojet2ez (Member):

ETA: 1 week

Availability: M - F day

@duojet2ez (Member):

Just an update:
Progress: I have completed this issue and tested locally.

Blockers: The only difficulty is figuring out how to use GitHub to merge this issue into the main branch. I am currently researching the process by reading the Hack for LA documentation.

Availability: I have 6 hours this week.

ETA: Should be done when I figure out how GitHub works... so soon, theoretically.

@github-actions github-actions bot added the To Update ! No update has been provided label Feb 9, 2024

github-actions bot commented Feb 9, 2024

@duojet2ez

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the Questions/In Review column of the Project Board and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel. Please note that including your questions in the issue comments- along with screenshots, if applicable- will help us to help you. Here and here are examples of well-formed questions.

You are receiving this comment because your last comment was before Monday, February 5, 2024 at 11:06 PM PST.

duojet2ez added a commit to duojet2ez/website that referenced this issue Feb 10, 2024
@duojet2ez (Member):

Progress: I pushed my local branch to the remote repository "resolve-code-qlalert-6044" following the written guide.

Blockers: Not familiar enough with GitHub to understand what I am supposed to do next. Waiting for next Thursday office hours to ask questions.

Availability: I have 5 hours to work on this, although pending questions need to be answered.

ETA: Probably Thursday, Feb 15

@github-actions github-actions bot removed the To Update ! No update has been provided label Feb 16, 2024
@djbradleyii (Member):

@roslynwythe This issue is in regards to line 77 but there is an anchor tag on line 80 with the same issue. I don't see an issue related to line 80 to add rel="noopener noreferrer". Should we be updating the second link as well? File location: https://github.com/hackforla/website/blob/gh-pages/_includes/current-guides.html or are we waiting for CodeQL to flag it before we handle the fix? I am not sure of the protocol.

roslynwythe (Member, Author) commented Mar 20, 2024

> @roslynwythe This issue is in regards to line 77 but there is an anchor tag on line 80 with the same issue. I don't see an issue related to line 80 to add rel="noopener noreferrer". Should we be updating the second link as well? File location: https://github.com/hackforla/website/blob/gh-pages/_includes/current-guides.html or are we waiting for CodeQL to flag it before we handle the fix? I am not sure of the protocol.

@djbradleyii You are correct - there doesn't seem to be an alert regarding line 80, which is puzzling. I created #6484 to address the problem and also #6485 to document the problem. Thanks very much for bringing this to our attention!
