Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Link to github developer settings in auth provider setup doesn't open in a new tab #9379

Closed
nickwsuse opened this issue Jul 19, 2023 · 6 comments
Closed

Link to github developer settings in auth provider setup doesn't open in a new tab #9379

nickwsuse opened this issue Jul 19, 2023 · 6 comments
Labels
kind/bug
Milestone
v2.9.0

Comments

@nickwsuse
Copy link

Setup

  • Rancher version: v2.7-head Commit ID:
  • Rancher UI Extensions: N/A
  • Browser type & version: Chrome Version 114.0.5735.198 (Official Build) (arm64)

Describe the bug
The link to https://github.com/settings/developers should be opening in a new tab, but is opening in the same tab when clicked. The text with the link suggests that it should - [Click here](https://github.com/settings/developers) to go to GitHub application settings in a new window.

To Reproduce

  1. Create a Rancher instance on v2.7-head (or v2.7.3/v2.7.5)
  2. Log into the Rancher instance
  3. Click the hamburger menu in the upper left of the page
  4. Click Users & Authentication
  5. Click Auth Providers on the left side of the page
  6. Click the Github OAuth option
  7. See the link and text that suggests the link will open in a new tab/window
  8. Click the link

Result
Clicking the link opens it in the same tab

Expected Result
Clicking the link opens it in a new tab

Screenshots
image

2023-07-19_15-19-49 (1)

Additional context
I can repro this on v2.7.5 and on v2.7.3
@nickwsuse nickwsuse added this to the v2.7.next3 milestone Aug 9, 2023
@richard-cox
Copy link
Member

Moving out of v2.7q3, given we've passed code freeze

@richard-cox richard-cox removed this from the v2.7.next3 milestone Aug 10, 2023
@jonatan5524
Copy link
Contributor

Hi, can I work on this issue?
I have tested this bug in a local environment and saw it also happen in the Google Authentication link

@jonatan5524
Copy link
Contributor

After testing I saw that the t method returns the lins with target="_blank" but in HTML it is not presented (that is the attribute that opens the link in a new tab)
After changing the v-clean-html to v-html in this line:

dashboard/shell/edit/auth/github.vue

Line 191 in 7d8a223

<li v-clean-html="t(`authConfig.${NAME}.form.prefix.1`, tArgs, true)" />

The new tab link worked.
I saw v-html is Vue native but security advised not to use it, where did the v-clean-html come from?

@richard-cox
Copy link
Member

Hi @jonatan5524 , thanks for taking a look at this issue. v-clean-html is shell/plugins/clean-html-directive.js which sanitises html input. It looks like the target attribute in intentionally stripped from the output. The team here will need to decide how best to handle this scenario

@richard-cox richard-cox added this to the v2.8.x milestone Aug 21, 2023
@jonatan5524
Copy link
Contributor

Hi @jonatan5524 , thanks for taking a look at this issue. v-clean-html is shell/plugins/clean-html-directive.js which sanitises html input. It looks like the target attribute in intentionally stripped from the output. The team here will need to decide how best to handle this scenario

Thank you for the reply, If a desicion is made and need to make a change I will gladly take that 😊.

@rak-phillip rak-phillip mentioned this issue Feb 12, 2024
Closed
@richard-cox richard-cox modified the milestones: v2.8.x, v2.9.0 Feb 15, 2024
@richard-cox
Copy link
Member

Reproducible in 2.8.2, but not in 2.9-head (2.9.0). Believe this to be fixed via #9920 was the fix

@richard-cox richard-cox closed this as not planned Won't fix, can't repro, duplicate, stale Feb 15, 2024
@zube zube bot closed this as completed Feb 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug
Projects
None yet
Milestone
v2.9.0
Development

No branches or pull requests
3 participants
@richard-cox @jonatan5524 @nickwsuse