Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Improvement] Adding noreferrer on doc links #1709

Merged
merged 2 commits into from
Jun 13, 2022
Merged

[Improvement] Adding noreferrer on doc links #1709

merged 2 commits into from
Jun 13, 2022

Conversation

manasvinibs
Copy link
Member

Signed-off-by: manasvis manasvis@amazon.com

Description

Stemming from this PR: #565. Links inconsistently have noreferrer on the reference.
This change might not include adding noreferrer to all the links in the package, but links which already have 'rel="noopener"' in it to make it consistent throughout the repo as called out in the above PR.

Issues Resolved

#567

Check List

  • New functionality includes testing.
    • All tests pass
      • yarn test:jest
      • yarn test:jest_integration
      • yarn test:ftr
  • New functionality has been documented.
  • Commits are signed per the DCO using --signoff

@manasvinibs
Adding noreferrer on doc links
9cbc261 
Signed-off-by: manasvis <manasvis@amazon.com>
@manasvinibs manasvinibs requested a review from a team as a code owner June 8, 2022 20:33
joshuarrrr
joshuarrrr requested changes Jun 8, 2022
View reviewed changes
Copy link
Member

@joshuarrrr joshuarrrr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a solid implementation of linked issue.

However, in reviewing, this felt like the kind of thing we shouldn't have to manually worry about for every link. I did a little digging, and it turns out that neither noopeneer nor noreferrer need to be explicitly set when using <EuiLink> components with target="_blank".

Here is where that EUI component calculates the ref values:
https://github.com/elastic/eui/blob/1a5e8429c2db1c331946aede3f85e144fa21d381/src/components/link/link.tsx#L163

noreferrer will always be set by https://github.com/elastic/eui/blob/1a5e8429c2db1c331946aede3f85e144fa21d381/src/services/security/get_secure_rel_for_target.ts#L40-L42

and noopener will be set by
https://github.com/elastic/eui/blob/1a5e8429c2db1c331946aede3f85e144fa21d381/src/services/security/get_secure_rel_for_target.ts#L44-L46

So my recommendation is to update the changes to the 4 <EuiLink> components to remove the rel prop altogether, rather than manually adding noreferrer. (The current changes to <a> strings seem worthwhile to keep)

@codecov-commenter
Copy link

Codecov Report

Merging #1709 (980e64f) into main (b2cfb6e) will increase coverage by 0.00%.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #1709   +/-   ##
=======================================
  Coverage   67.51%   67.51%           
=======================================
  Files        3067     3067           
  Lines       58985    58985           
  Branches     8944     8944           
=======================================
+ Hits        39821    39825    +4     
+ Misses      16985    16982    -3     
+ Partials     2179     2178    -1
Impacted Files Coverage Δ
.../core/server/ui_settings/settings/notifications.ts 100.00% <ø> (ø)
src/plugins/data/server/ui_settings.ts 71.42% <ø> (ø)
...ins/home/public/application/components/welcome.tsx 75.55% <ø> (ø)
...ins/telemetry/public/components/opt_in_message.tsx 100.00% <ø> (ø)
...metry/public/components/opted_in_notice_banner.tsx 100.00% <ø> (ø)
...is_default_editor/public/components/agg_select.tsx 0.00% <ø> (ø)
packages/osd-optimizer/src/node/cache.ts 52.77% <0.00%> (+2.77%) ⬆️
...s/osd-optimizer/src/node/node_auto_tranpilation.ts 87.75% <0.00%> (+4.08%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b2cfb6e...980e64f. Read the comment docs.

@manasvinibs
Copy link
Member Author

This is a solid implementation of linked issue.

However, in reviewing, this felt like the kind of thing we shouldn't have to manually worry about for every link. I did a little digging, and it turns out that neither noopeneer nor noreferrer need to be explicitly set when using <EuiLink> components with target="_blank".

Here is where that EUI component calculates the ref values: https://github.com/elastic/eui/blob/1a5e8429c2db1c331946aede3f85e144fa21d381/src/components/link/link.tsx#L163

noreferrer will always be set by https://github.com/elastic/eui/blob/1a5e8429c2db1c331946aede3f85e144fa21d381/src/services/security/get_secure_rel_for_target.ts#L40-L42

and noopener will be set by https://github.com/elastic/eui/blob/1a5e8429c2db1c331946aede3f85e144fa21d381/src/services/security/get_secure_rel_for_target.ts#L44-L46

So my recommendation is to update the changes to the 4 <EuiLink> components to remove the rel prop altogether, rather than manually adding noreferrer. (The current changes to <a> strings seem worthwhile to keep)

Thanks Josh for the pointers! Looks like <EuiLink> is already taking care of what we are trying to achieve here. I'll send the updated revision.

ananzh
ananzh approved these changes Jun 9, 2022
View reviewed changes
Copy link
Member

@ananzh ananzh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

joshuarrrr
joshuarrrr approved these changes Jun 13, 2022
View reviewed changes
Copy link
Member

@joshuarrrr joshuarrrr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for the updates!

@manasvinibs manasvinibs merged commit 3ff99cf into opensearch-project:main Jun 13, 2022
opensearch-trigger-bot bot pushed a commit that referenced this pull request Jun 13, 2022
@manasvinibs @github-actions
Adding noreferrer on doc links (#1709)
b1c4022 
Signed-off-by: manasvis <manasvis@amazon.com>
(cherry picked from commit 3ff99cf)
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Jun 13, 2022
Merged
@kavilla kavilla added v2.1.0 Mend: dependency security vulnerability Security vulnerability detected by Mend labels Jun 13, 2022
@kavilla kavilla linked an issue Jun 13, 2022 that may be closed by this pull request
[Improvement] noreferrer on doc links #567
Closed
kavilla pushed a commit that referenced this pull request Jun 15, 2022
@opensearch-trigger-bot @manasvinibs
Adding noreferrer on doc links (#1709) (#1727)
12a1457 
Signed-off-by: manasvis <manasvis@amazon.com>
(cherry picked from commit 3ff99cf)

Co-authored-by: Manasvini B Suryanarayana <105884062+manasvinibs@users.noreply.github.com>
kavilla pushed a commit to kavilla/OpenSearch-Dashboards-1 that referenced this pull request Jun 16, 2022
@manasvinibs @kavilla
Adding noreferrer on doc links (opensearch-project#1709)
c415b0c 
Signed-off-by: manasvis <manasvis@amazon.com>
cliu123 pushed a commit to cliu123/OpenSearch-Dashboards that referenced this pull request Jun 30, 2022
@opensearch-trigger-bot @manasvinibs
Adding noreferrer on doc links (opensearch-project#1709) (opensearch-…
50a641a 
…project#1727)

Signed-off-by: manasvis <manasvis@amazon.com>
(cherry picked from commit 3ff99cf)

Co-authored-by: Manasvini B Suryanarayana <105884062+manasvinibs@users.noreply.github.com>
cliu123 pushed a commit to cliu123/OpenSearch-Dashboards that referenced this pull request Jun 30, 2022
@opensearch-trigger-bot @manasvinibs
Adding noreferrer on doc links (opensearch-project#1709) (opensearch-…
ff8e23a 
…project#1727)

Signed-off-by: manasvis <manasvis@amazon.com>
(cherry picked from commit 3ff99cf)

Co-authored-by: Manasvini B Suryanarayana <105884062+manasvinibs@users.noreply.github.com>
@joshuarrrr joshuarrrr mentioned this pull request Oct 10, 2022
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joshuarrrr joshuarrrr joshuarrrr approved these changes

@ananzh ananzh ananzh approved these changes

Assignees

@manasvinibs manasvinibs

Labels
backport 2.x Mend: dependency security vulnerability Security vulnerability detected by Mend v2.1.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Improvement] noreferrer on doc links
5 participants
@manasvinibs @codecov-commenter @joshuarrrr @ananzh @kavilla