Resolve "Potentially unsafe external link" in _includes/current-guides.html #6484

Closed
3 of 4 tasks
Tracked by #5129
roslynwythe opened this issue Mar 20, 2024 · 5 comments · Fixed by #6508
Labels
Feature: Code Alerts good first issue Good for newcomers role: back end/devOps Tasks for back-end developers role: front end Tasks for front end developers size: 0.25pt Can be done in 0.5 to 1.5 hours


roslynwythe commented Mar 20, 2024

Prerequisite

  1. Be a member of Hack for LA. (There are no fees to join.) If you have not joined yet, please follow the steps on our Getting Started page.
  2. Before you claim or start working on an issue, please make sure you have read our How to Contribute to Hack for LA Guide.

Overview

We need to fix a potentially unsafe external link by adding the attribute rel="noopener noreferrer". The problem and the solution are similar to those detailed in https://github.com/hackforla/website/security/code-scanning/3, however the instance addressed by this issue did not result in a CodeQL alert.

Action Items

  • Open the file _includes/current-guides.html in your IDE
  • Replace
                        <a href="{{item.resource-url}}" class="toolkit-flex-item-status" target="_blank">

with

                        <a href="{{item.resource-url}}" class="toolkit-flex-item-status" target="_blank" rel="noopener noreferrer">
  • Using Docker, check the URL /toolkit and check that the page remains the same in mobile, tablet, and desktop views as on the current website (See 2 in the Resources/Instructions section below). Refer to the Resources/Instructions section for a screenshot of the hyperlink modified in this issue (highlighted in yellow). Confirm that the link still works.

Merge Team

Resources/Instructions

hyperlink modified in this issue


  1. GitHub CodeQL documentation
  2. Webpage: https://www.hackforla.org/toolkit
  3. This issue is part of Epic: Create issues to resolve CodeQL alerts 1- 24, 98 "Potentially unsafe external link" #5129
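
An added example, not part of the original issue or the Hack for LA codebase: since this instance produced no CodeQL alert, a small standard-library audit can list every `target="_blank"` anchor in a template whose `rel` lacks the tokens the fix adds. The sample template is constructed, and `{{item.other-url}}` is a hypothetical variable used only for illustration.

```python
from html.parser import HTMLParser

# rel tokens the fix in this issue adds to the anchor
REQUIRED = {"noopener", "noreferrer"}


class BlankTargetAudit(HTMLParser):
    """Collect <a target="_blank"> tags whose rel lacks the required tokens."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line, href, sorted missing tokens)

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attr = {name: (value or "") for name, value in attrs}
        # target keywords are matched case-insensitively by browsers
        if attr.get("target", "").strip().lower() != "_blank":
            return
        rel = set(attr.get("rel", "").lower().split())
        missing = REQUIRED - rel
        if missing:
            line, _ = self.getpos()
            self.findings.append((line, attr.get("href", ""), sorted(missing)))


def audit(template_text):
    """Return findings for one template; Liquid output tags stay opaque strings."""
    parser = BlankTargetAudit()
    parser.feed(template_text)
    parser.close()
    return parser.findings


# Constructed sample: line 2 is the anchor before the fix, line 3 after it.
SAMPLE = """\
<div class="toolkit-flex-item">
  <a href="{{item.resource-url}}" class="toolkit-flex-item-status" target="_blank">
  <a href="{{item.resource-url}}" class="toolkit-flex-item-status" target="_blank" rel="noopener noreferrer">
  <a href="/toolkit" class="local">
  <a href="{{item.other-url}}" target="_BLANK" rel="noopener">
</div>
"""

if __name__ == "__main__":
    for line, href, missing in audit(SAMPLE):
        print(f"line {line}: href={href!r} missing rel: {', '.join(missing)}")
```

The audit assumes Liquid expressions appear only inside quoted attribute values, as in the anchor above; control tags placed inside an element's markup would need the rendered HTML to be checked instead.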
@roslynwythe roslynwythe added Feature Missing This label means that the issue needs to be linked to a precise feature label. size: missing role missing Complexity: Missing labels Mar 20, 2024

This comment was marked as outdated.


Hi @DakuwoN, thank you for taking up this issue! Hfla appreciates you :)

Do let fellow developers know about your:-
i. Availability: (When are you available to work on the issue/answer questions other programmers might have about your issue?)
ii. ETA: (When do you expect this issue to be completed?)

You're awesome!

P.S. - You may not take up another issue until this issue gets merged (or closed). Thanks again :)


DakuwoN commented Mar 23, 2024

Hello, I am available Monday - Friday after 1:30PM Eastern and Weekends anytime.
I will have this issue complete by Sunday.

@DakuwoN DakuwoN added the Complexity: Small Take this type of issues after the successful merge of your second good first issue label Mar 23, 2024
@ExperimentsInHonesty

@DakuwoN In future, please do not take issues from the new issue approval column. Only from the prioritized backlog.


DakuwoN commented Mar 24, 2024

I'm sorry @ExperimentsInHonesty, it's been so long, and I even re-read the onboarding documents. I expect some other mistakes as well. Sorry again. Won't happen again.

@jphamtv jphamtv removed the Complexity: Small Take this type of issues after the successful merge of your second good first issue label Mar 29, 2024