Skip to content

Commit 0fc0cbb

Browse files
fix(frontend): add rel=noopener noreferrer to target=_blank links (#2505)
* fix(frontend): add rel=noopener noreferrer to target=_blank links External links opened with target="_blank" but no rel exposed reverse-tabnabbing (window.opener) and referrer leakage. Add rel="noopener noreferrer" to the custom Link/UILink/router-link sites that biome's noBlankTarget rule (native <a> only) can't reach. Vendor redpanda-ui components left untouched (audit SECURITY-03). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * style(frontend): wrap long external-link tags to satisfy formatter biome's formatter wraps the Link/UILink tags that exceeded line width after the rel="noopener noreferrer" addition. No semantic change (CI 'bun run lint' output). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent e4df1ed commit 0fc0cbb

8 files changed

Lines changed: 56 additions & 13 deletions

File tree

frontend/src/components/pages/connect/overview.tsx

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -163,7 +163,7 @@ class KafkaConnectOverview extends PageComponent<{
163163
{this.props.isKafkaConnectEnabled
164164
? 'Redpanda Connect is an alternative to Kafka Connect. Choose from a growing ecosystem of readily available connectors.'
165165
: 'Redpanda Connect is a data streaming service for building scalable, high-performance data pipelines that drive real-time analytics and actionable business insights. Integrate data across systems with hundreds of prebuilt connectors, change data capture (CDC) capabilities, and YAML-configurable pipelines.'}{' '}
166-
<Link href="https://docs.redpanda.com/redpanda-connect/home/" target="_blank">
166+
<Link href="https://docs.redpanda.com/redpanda-connect/home/" rel="noopener noreferrer" target="_blank">
167167
Learn more
168168
</Link>
169169
</Text>
@@ -179,7 +179,11 @@ class KafkaConnectOverview extends PageComponent<{
179179
<Text>
180180
Kafka Connect is our set of managed connectors. These provide a way to integrate your Redpanda data with
181181
different data systems.{' '}
182-
<Link href="https://docs.redpanda.com/redpanda-cloud/develop/managed-connectors/" target="_blank">
182+
<Link
183+
href="https://docs.redpanda.com/redpanda-cloud/develop/managed-connectors/"
184+
rel="noopener noreferrer"
185+
target="_blank"
186+
>
183187
Learn more.
184188
</Link>
185189
</Text>

frontend/src/components/pages/quotas/quotas-list.tsx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -107,7 +107,7 @@ const QuotasList = () => {
107107
<Section>
108108
<Result
109109
extra={
110-
<Link href="https://docs.redpanda.com/docs/manage/console/" target="_blank">
110+
<Link href="https://docs.redpanda.com/docs/manage/console/" rel="noopener noreferrer" target="_blank">
111111
<Button variant="solid">Redpanda Console documentation for roles and permissions</Button>
112112
</Link>
113113
}

frontend/src/components/pages/rp-connect/onboarding/add-user-step.tsx

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -545,6 +545,7 @@ export const AddUserStep = forwardRef<UserStepRef, AddUserStepProps & MotionProp
545545
<TanStackRouterLink
546546
className="text-blue-800"
547547
params={{ userName: existingUserSelected.name }}
548+
rel="noopener noreferrer"
548549
target="_blank"
549550
to="/security/users/$userName/details"
550551
>
@@ -693,6 +694,7 @@ export const AddUserStep = forwardRef<UserStepRef, AddUserStepProps & MotionProp
693694
<Text variant="small">
694695
You will need to configure{' '}
695696
<TanStackRouterLink
697+
rel="noopener noreferrer"
696698
target="_blank"
697699
to={
698700
isFeatureFlagEnabled('enableNewSecurityPage')

frontend/src/components/pages/rp-connect/onboarding/connect-tiles.tsx

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -346,7 +346,11 @@ export const ConnectTiles = memo(
346346
that drive real-time analytics and actionable business insights. Integrate data across systems with
347347
hundreds of prebuilt connectors, change data capture (CDC) capabilities, and YAML-configurable
348348
pipelines.{' '}
349-
<Link href="https://docs.redpanda.com/redpanda-connect/home/" target="_blank">
349+
<Link
350+
href="https://docs.redpanda.com/redpanda-connect/home/"
351+
rel="noopener noreferrer"
352+
target="_blank"
353+
>
350354
Learn more
351355
</Link>
352356
</Text>

frontend/src/components/pages/rp-connect/pipeline/list.tsx

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -698,7 +698,7 @@ const RedpandaConnectContent = () => (
698698
Redpanda Connect is a data streaming service for building scalable, high-performance data pipelines that drive
699699
real-time analytics and actionable business insights. Integrate data across systems with hundreds of prebuilt
700700
connectors, change data capture (CDC) capabilities, and YAML-configurable pipelines.{' '}
701-
<Link href="https://docs.redpanda.com/redpanda-connect/home/" target="_blank">
701+
<Link href="https://docs.redpanda.com/redpanda-connect/home/" rel="noopener noreferrer" target="_blank">
702702
Learn more
703703
</Link>
704704
</Text>
@@ -750,7 +750,11 @@ export const PipelineListPage = () => {
750750
<Text>
751751
Kafka Connect is our set of managed connectors. These provide a way to integrate your Redpanda data with
752752
different data systems.{' '}
753-
<Link href="https://docs.redpanda.com/redpanda-cloud/develop/managed-connectors/" target="_blank">
753+
<Link
754+
href="https://docs.redpanda.com/redpanda-cloud/develop/managed-connectors/"
755+
rel="noopener noreferrer"
756+
target="_blank"
757+
>
754758
Learn more
755759
</Link>
756760
</Text>

frontend/src/components/pages/rp-connect/pipelines-create.tsx

Lines changed: 16 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -131,15 +131,27 @@ const RpConnectPipelinesCreateContent = () => {
131131
<div className="my-2">
132132
<UIText>
133133
For help creating your pipeline, see our{' '}
134-
<UILink href="https://docs.redpanda.com/redpanda-cloud/develop/connect/connect-quickstart/" target="_blank">
134+
<UILink
135+
href="https://docs.redpanda.com/redpanda-cloud/develop/connect/connect-quickstart/"
136+
rel="noopener noreferrer"
137+
target="_blank"
138+
>
135139
quickstart
136140
</UILink>
137141
,{' '}
138-
<UILink href="https://docs.redpanda.com/redpanda-cloud/develop/connect/cookbooks/" target="_blank">
142+
<UILink
143+
href="https://docs.redpanda.com/redpanda-cloud/develop/connect/cookbooks/"
144+
rel="noopener noreferrer"
145+
target="_blank"
146+
>
139147
library of examples
140148
</UILink>
141149
, and{' '}
142-
<UILink href="https://docs.redpanda.com/redpanda-cloud/develop/connect/components/catalog/" target="_blank">
150+
<UILink
151+
href="https://docs.redpanda.com/redpanda-cloud/develop/connect/components/catalog/"
152+
rel="noopener noreferrer"
153+
target="_blank"
154+
>
143155
connector catalog
144156
</UILink>
145157
.
@@ -453,6 +465,7 @@ export const PipelineEditor = (p: {
453465
This looks like a Kafka Connect configuration. For help with Redpanda Connect configurations,{' '}
454466
<UILink
455467
href="https://docs.redpanda.com/redpanda-cloud/develop/connect/connect-quickstart/"
468+
rel="noopener noreferrer"
456469
target="_blank"
457470
>
458471
see our quickstart documentation

frontend/src/components/pages/rp-connect/pipelines-edit.tsx

Lines changed: 15 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -147,15 +147,27 @@ const RpConnectPipelinesEditContent = ({ pipeline, pipelineId }: { pipeline: Pip
147147
<div className="my-2">
148148
<UIText>
149149
For help editing your pipeline, see our{' '}
150-
<UILink href="https://docs.redpanda.com/redpanda-cloud/develop/connect/connect-quickstart/" target="_blank">
150+
<UILink
151+
href="https://docs.redpanda.com/redpanda-cloud/develop/connect/connect-quickstart/"
152+
rel="noopener noreferrer"
153+
target="_blank"
154+
>
151155
quickstart documentation
152156
</UILink>
153157
, our{' '}
154-
<UILink href="https://docs.redpanda.com/redpanda-cloud/develop/connect/cookbooks/" target="_blank">
158+
<UILink
159+
href="https://docs.redpanda.com/redpanda-cloud/develop/connect/cookbooks/"
160+
rel="noopener noreferrer"
161+
target="_blank"
162+
>
155163
library of examples
156164
</UILink>
157165
, or our{' '}
158-
<UILink href="https://docs.redpanda.com/redpanda-cloud/develop/connect/components/catalog/" target="_blank">
166+
<UILink
167+
href="https://docs.redpanda.com/redpanda-cloud/develop/connect/components/catalog/"
168+
rel="noopener noreferrer"
169+
target="_blank"
170+
>
159171
connector catalog
160172
</UILink>
161173
.

frontend/src/components/pages/transcripts/transcript-list-page.tsx

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -768,7 +768,11 @@ export const TranscriptListPage: FC<TranscriptListPageProps> = ({ disableFacetin
768768
<Text variant="muted">
769769
Trace and debug AI requests across your agentic dataplane — view LLM calls, tool invocations, and spans from
770770
agents, gateways, and services.{' '}
771-
<Link href="https://docs.redpanda.com/redpanda-cloud/ai-agents/observability" target="_blank">
771+
<Link
772+
href="https://docs.redpanda.com/redpanda-cloud/ai-agents/observability"
773+
rel="noopener noreferrer"
774+
target="_blank"
775+
>
772776
Learn more
773777
</Link>
774778
</Text>

0 commit comments

Comments
 (0)