Resolve CodeQL alert 15 "Potentially unsafe external link" #6261
Changed line 26 code and test viewed the 2FA.html page in Docker
Added rel="noopener noreferrer" to fix CodeQL alert 15
Want to review this pull request? Take a look at this documentation for a step by step guide! From your project repository, check out a new branch and test the changes.
Note that CONTRIBUTING.md cannot be previewed locally; rather it should be previewed at this URL:
{% else %} | ||
<p class='leader-description-field'><strong>Name: </strong><a href='{{ item.links.slack }}'target='_blank' title='Slack Direct Message' rel="noopener noreferrer">{{ item.name }}</a></p> | ||
<p class='leader-description-field'><strong>Name: </strong><a href='{{ item.links.slack }}' target='_blank' title='Slack Direct Message'>{{ item.name }}</a></p> |
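Review bot: The CodeQL warning on the `item.links.slack` anchor attaches to the variant that has `target='_blank'` and no `rel`, so the line that ends up in the file must be the one carrying `rel="noopener noreferrer"`; without it, older browsers hand the opened page a `window.opener` reference to this tab. In the variant with `rel` there is no space between the `href` value and `target` (`'{{ item.links.slack }}'target='_blank'`); add one so the attributes are separated the same way as in the other anchors.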
Check warning
Code scanning / CodeQL
Potentially unsafe external link Medium
{% elsif page.status == "Completed" %} | ||
<p class='leader-description-field'><strong>Name: </strong><a href='{{ item.links.github }}' target='_blank' title='GitHub Profile' rel="noopener noreferrer">{{ item.name }}</a></p> | ||
<p class='leader-description-field'><strong>Name: </strong><a href='{{ item.links.github }}' target='_blank' title='GitHub Profile'>{{ item.name }}</a></p> |
Check warning
Code scanning / CodeQL
Potentially unsafe external link Medium
@@ -152,11 +152,11 @@ | |||
<a href='{{ item.links.github }}' target='_blank' title='GitHub Profile'><img class='leader-img' src='{{ item.picture }}'></a> | |||
<div class='leader-description'> | |||
{% if page.status == "Completed" and item.links.linkedin %} | |||
<p class='leader-description-field'></p><strong>Name: </strong><a href='{{ item.links.linkedin }}' target='_blank' title='Linkedin Profile' rel="noopener noreferrer">{{ item.name }}</a></p> | |||
<p class='leader-description-field'></p><strong>Name: </strong><a href='{{ item.links.linkedin }}' target='_blank' title='Linkedin Profile'>{{ item.name }}</a></p> |
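Review bot: The unchanged `leader-img` anchor at the top of this hunk also opens `item.links.github` with `target='_blank'` and no `rel`, so it needs `rel="noopener noreferrer"` as well. Separately, both variants of the LinkedIn line close the paragraph straight away (`<p class='leader-description-field'></p>`) and then close it again at the end of the line; drop the first `</p>` so the name sits inside the paragraph.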
Check warning
Code scanning / CodeQL
Potentially unsafe external link Medium
{% assign counter = counter | minus:1 %} | ||
{% elsif counter > 1 %} | ||
<a target="_blank" href='{{ item.url }}' rel="noopener noreferrer">{{ item.name }}</a>{% if forloop.last == false %}, {% endif %} | ||
<a target="_blank" href='{{ item.url }}'>{{ item.name }}</a>{% if forloop.last == false %}, {% endif %} |
Check warning
Code scanning / CodeQL
Potentially unsafe external link Medium
@@ -42,10 +42,10 @@ | |||
<strong>Links: </strong> | |||
{% for item in page.links %} | |||
{% if counter == 1 %} | |||
<a target="_blank" href='{{ item.url }}' rel="noopener noreferrer"> {{ item.name }}</a> | |||
<a target="_blank" href='{{ item.url }}'> {{ item.name }}</a> |
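Review bot: The `item.url` anchor is written out twice, once in the `counter == 1` branch here and once in the `counter > 1` branch shown above, and each copy has to carry `rel="noopener noreferrer"` separately. Consider rendering the anchor once and keeping only the trailing-comma logic in the branches, so the attribute cannot be present in one branch and missing in the other. The link text in this branch also starts with a stray space (`> {{ item.name }}`).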
Check warning
Code scanning / CodeQL
Potentially unsafe external link Medium
<script src="https://cdnjs.cloudflare.com/ajax/libs/babel-standalone/6.26.0/babel.js" | ||
integrity="sha384-5eDs4qg7Mm6lRIqLmB5k7P/GV+iEWdlzONR7lOdXJ/hquF3S4n4Z2u0rbhx8OYXs" crossorigin="anonymous"> | ||
</script> | ||
<script src="https://cdnjs.cloudflare.com/ajax/libs/babel-standalone/6.26.0/babel.js"></script> |
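Review bot: CodeQL's "Inclusion of functionality from an untrusted source" warning is on the bare one-line `<script src=…babel.js>` tag, so the tag that lands must be the three-line form with `integrity` and `crossorigin="anonymous"`; without them, any change to the CDN-served file runs on the page unchecked. The URL pins `babel-standalone/6.26.0`, so the hash will stay valid; recompute the sha384 digest from the downloaded file before merging rather than trusting the value as pasted. The same tag appears a second time in this PR and needs the same treatment.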
Check warning
Code scanning / CodeQL
Inclusion of functionality from an untrusted source Medium
<script src="https://cdnjs.cloudflare.com/ajax/libs/babel-standalone/6.26.0/babel.js" | ||
integrity="sha384-5eDs4qg7Mm6lRIqLmB5k7P/GV+iEWdlzONR7lOdXJ/hquF3S4n4Z2u0rbhx8OYXs" crossorigin="anonymous"> | ||
</script> | ||
<script src="https://cdnjs.cloudflare.com/ajax/libs/babel-standalone/6.26.0/babel.js"></script> |
Check warning
Code scanning / CodeQL
Inclusion of functionality from an untrusted source Medium
@@ -94,7 +84,7 @@ | |||
since: date, | |||
per_page: 100, | |||
page: pageNum | |||
}); | |||
}) |
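Review bot: The closing of the call that passes `since`, `per_page` and `page` appears both as `});` and as `})`, and CodeQL's semicolon insertion note is on the form without the semicolon. Keep `});`. This line is also unrelated to the external-link alert named in the title and should not be part of this change.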
Check notice
Code scanning / CodeQL
Semicolon insertion Note
the enclosing function
Hi @das-mittel! Thanks for taking on this issue! It looks like you have done your work on the gh-pages branch. Pull requests must be made from a branch that you create. Its name should describe the issue you worked on and include the issue number. You will need to sync your fork's gh-pages to the Hack for LA gh-pages. Then pull your origin gh-pages locally. Once your local gh-pages matches the Hack For LA gh-pages, you will need to create a feature branch and complete the work for this issue on the feature branch, push it to your forked repo and create a new pull request. Please see the steps on the How to Contribute to Hack for LA wiki page (Part 2, and 2.7 in particular). I'm closing this PR since you will need to open a new one on a different branch. Please feel free to ping me here or on Slack if you need help or any clarification. Thanks!
Closing will need to create a new PR on a separate feature branch.
Fixes #6049
What changes did you make?
Why did you make the changes (we will use this info to test)?
Screenshots of Proposed Changes Of The Website (if any, please do not screen shot code changes)