
Commit 0a136f1

security: fix reverse tabnabbing vulnerability via target="_blank" (#23)
Added rel="noopener noreferrer" to all occurrences of target="_blank" in the codebase to prevent potential reverse tabnabbing attacks. Affected files include src/pages/user.tsx, src/pages/api-tokens.tsx, src/components/sider.tsx, src/components/main-layout.tsx, and others. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> Co-authored-by: sunnylqm <615282+sunnylqm@users.noreply.github.com>
1 parent 06aa0c8 commit 0a136f1

7 files changed

Lines changed: 8 additions & 6 deletions


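--- a/src/components/main-layout.tsx
+++ b/src/components/main-layout.tsx
@@ -149,7 +149,7 @@ const ExtLink = ({ children, href }: ExtLinkProps) => (
 href={href}
 target="_blank"
 // onClick={(e) => e.stopPropagation()}
-rel="noreferrer"
+rel="noopener noreferrer"
 >
 {children}
 </a>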
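Review bot: ExtLink already wraps `target="_blank"` and `rel` in one component, yet sider.tsx, api-tokens.tsx, register.tsx and version-table.tsx in this same commit each hand-write the pair on a bare `<a>`, which is how the rel values came to differ between files. Where no extra className is needed, routing those links through it, e.g. `<ExtLink href={PRICING_LINK}>{quota?.title}</ExtLink>`, would leave a single place to audit. The previous `rel="noreferrer"` already implies noopener under the HTML standard, so on this line (and the identical edits in sider.tsx, commit.tsx, version-table.tsx and register.tsx) the change makes the intent explicit rather than altering behaviour. ExtLink's body starts above the hunk, so any other props it sets are not visible here.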

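--- a/src/components/sider.tsx
+++ b/src/components/sider.tsx
@@ -210,7 +210,7 @@ const SiderMenu = ({ selectedKeys, onNavigate }: SiderMenuProps) => {
 7日平均剩余次数:{user.last7dAvg?.toLocaleString()}
 </div>
 <div className="text-xs mt-2 text-center">
-<a target="_blank" href={PRICING_LINK} rel="noreferrer">
+<a target="_blank" href={PRICING_LINK} rel="noopener noreferrer">
 {quota?.title}
 </a>
 可用: {pvQuota?.toLocaleString()} 次/每日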

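--- a/src/pages/api-tokens.tsx
+++ b/src/pages/api-tokens.tsx
@@ -189,7 +189,7 @@ function ApiTokensPage() {
 <a
 target="_blank"
 href="https://update.reactnative.cn/api/openapi"
-rel="noopener"
+rel="noopener noreferrer"
 >
 Pushy API
 </a>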

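--- a/src/pages/manage/components/commit.tsx
+++ b/src/pages/manage/components/commit.tsx
@@ -56,7 +56,7 @@ export const Commit = ({ commit }: { commit?: Commit }) => {
 className="text-xs"
 href={url}
 target="_blank"
-rel="noreferrer"
+rel="noopener noreferrer"
 >
 {hash}
 </a>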
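Review bot: `href={url}` is hardened here only through `rel`, which controls the opener and the referrer but says nothing about the scheme of the URL being rendered. `url` is computed above the hunk, presumably from the `commit` prop; if any part of it originates from uploaded commit metadata rather than a fixed host template, it should be restricted to web schemes before it reaches the anchor, for example `const safeUrl = url && /^https?:\/\//i.test(url) ? url : undefined;` followed by `href={safeUrl}`. If `url` is always assembled from a constant prefix, a one-line comment next to its definition stating that would settle the question for later readers.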

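--- a/src/pages/manage/components/version-table.tsx
+++ b/src/pages/manage/components/version-table.tsx
@@ -53,7 +53,7 @@ const TestQrCode = ({ name, hash }: { name?: string; hash: string }) => {
 target="_blank"
 className="ml-1 text-xs"
 href={TEST_QR_CODE_DOC}
-rel="noreferrer"
+rel="noopener noreferrer"
 >
 如何使用?
 </a>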

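--- a/src/pages/register.tsx
+++ b/src/pages/register.tsx
@@ -116,7 +116,7 @@ export const Register = () => {
 <a
 target="_blank"
 href="https://pushy.reactnative.cn/agreement/"
-rel="noreferrer"
+rel="noopener noreferrer"
 >
 用户协议
 </a>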

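--- a/src/pages/user.tsx
+++ b/src/pages/user.tsx
@@ -252,6 +252,7 @@ function UserPanel() {
 <Button
 href={PRICING_LINK}
 target="_blank"
+rel="noopener noreferrer"
 className="w-full md:w-auto"
 >
 查看价格表
@@ -261,6 +262,7 @@ function UserPanel() {
 className="w-full md:w-auto"
 href="https://pushy.reactnative.cn/docs/faq.html#%E5%8F%AF%E4%BB%A5%E4%BD%BF%E7%94%A8%E9%93%B6%E8%A1%8C%E8%BD%AC%E8%B4%A6%E4%BB%98%E6%AC%BE%E5%90%97"
 target="_blank"
+rel="noopener noreferrer"
 >
 使用网银转账
 </Button>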
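Review bot: These two `<Button>` elements are the only places in the commit that previously had no `rel` at all, and the added `rel="noopener noreferrer"` only takes effect if Button forwards that prop to the `<a>` it renders for `href`. Button is imported outside both hunks, so this is worth confirming once in the rendered markup (new lines 255 and 265). Because these links went unnoticed until now, a lint check such as `react/jsx-no-target-blank` from eslint-plugin-react, assuming the project lints with ESLint, would stop a bare `<a target="_blank">` from landing without `rel`; Button would need to be registered as a link component for the rule to see it.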
