From d573ec4a47708df7755d5ff6ea53118c8452443b Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Sat, 4 Apr 2026 16:50:04 +0000
Subject: [PATCH] security: fix reverse tabnabbing vulnerability via target="_blank"

Added rel="noopener noreferrer" to all occurrences of target="_blank" in the codebase to prevent potential reverse tabnabbing attacks. Affected files include src/pages/user.tsx, src/pages/api-tokens.tsx, src/components/sider.tsx, src/components/main-layout.tsx, and others.

Co-authored-by: sunnylqm <615282+sunnylqm@users.noreply.github.com>
---
 src/components/main-layout.tsx | 2 +-
 src/components/sider.tsx | 2 +-
 src/pages/api-tokens.tsx | 2 +-
 src/pages/manage/components/commit.tsx | 2 +-
 src/pages/manage/components/version-table.tsx | 2 +-
 src/pages/register.tsx | 2 +-
 src/pages/user.tsx | 2 ++
 7 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/components/main-layout.tsx b/src/components/main-layout.tsx
index 1c28310..5302928 100644
--- a/src/components/main-layout.tsx
+++ b/src/components/main-layout.tsx
@@ -149,7 +149,7 @@ const ExtLink = ({ children, href }: ExtLinkProps) => ( href={href} target="_blank" // onClick={(e) => e.stopPropagation()}
- rel="noreferrer"
+ rel="noopener noreferrer"
 > {children}
diff --git a/src/components/sider.tsx b/src/components/sider.tsx
index febd66c..b595b81 100644
--- a/src/components/sider.tsx
+++ b/src/components/sider.tsx
@@ -210,7 +210,7 @@ const SiderMenu = ({ selectedKeys, onNavigate }: SiderMenuProps) => { 7日平均剩余次数:{user.last7dAvg?.toLocaleString()} 次
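Review bot: In `ExtLink` the change from `rel="noreferrer"` to `rel="noopener noreferrer"` does not alter behaviour in spec-conforming browsers, because `noreferrer` already implies `noopener`; the explicit token only helps legacy engines. The same holds for the `rel` lines in src/pages/manage/components/commit.tsx and src/pages/manage/components/version-table.tsx. A short comment above the attribute, such as `// noopener stated explicitly for legacy browsers; noreferrer also suppresses the Referer header`, would record that intent. Because `ExtLink` already centralises the attribute pair, routing the hand-written `target="_blank"` anchors through it and enabling the `react/jsx-no-target-blank` lint rule would keep new links from regressing. The component body starts and ends outside the hunk.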
- + {quota?.title} 可用: {pvQuota?.toLocaleString()} 次/每日
diff --git a/src/pages/api-tokens.tsx b/src/pages/api-tokens.tsx
index 31e0063..6241208 100644
--- a/src/pages/api-tokens.tsx
+++ b/src/pages/api-tokens.tsx
@@ -189,7 +189,7 @@ function ApiTokensPage() { Pushy API
diff --git a/src/pages/manage/components/commit.tsx b/src/pages/manage/components/commit.tsx
index 0fbf3ce..eeb7c7d 100644
--- a/src/pages/manage/components/commit.tsx
+++ b/src/pages/manage/components/commit.tsx
@@ -56,7 +56,7 @@ export const Commit = ({ commit }: { commit?: Commit }) => { className="text-xs" href={url} target="_blank"
- rel="noreferrer"
+ rel="noopener noreferrer"
 > {hash}
diff --git a/src/pages/manage/components/version-table.tsx b/src/pages/manage/components/version-table.tsx
index 1ce9b0a..c3082d6 100644
--- a/src/pages/manage/components/version-table.tsx
+++ b/src/pages/manage/components/version-table.tsx
@@ -53,7 +53,7 @@ const TestQrCode = ({ name, hash }: { name?: string; hash: string }) => { target="_blank" className="ml-1 text-xs" href={TEST_QR_CODE_DOC}
- rel="noreferrer"
+ rel="noopener noreferrer"
 > 如何使用?
diff --git a/src/pages/register.tsx b/src/pages/register.tsx
index 63e8b06..ec3a298 100644
--- a/src/pages/register.tsx
+++ b/src/pages/register.tsx
@@ -116,7 +116,7 @@ export const Register = () => { 用户协议
diff --git a/src/pages/user.tsx b/src/pages/user.tsx
index 8387e12..c18b3e4 100644
--- a/src/pages/user.tsx
+++ b/src/pages/user.tsx
@@ -252,6 +252,7 @@ function UserPanel() {
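Review bot: The anchor in `Commit` (src/pages/manage/components/commit.tsx) still renders `href={url}` unchanged, and `rel` does nothing to constrain the URL scheme. Where `url` is built lies outside this hunk, but if it derives from commit metadata uploaded by a client or CI job, a value with a non-http(s) scheme would be rendered as a clickable link. Consider checking the scheme before render, e.g. `const safeUrl = /^https?:\/\//i.test(url ?? '') ? url : undefined;`, passing `href={safeUrl}`, and falling back to plain text for `{hash}` when it is undefined.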