fix: add rel="noopener noreferrer" to footer external links (#3751) #3787

Merged: arkid15r merged 4 commits into OWASP:main from ryanbasic1:fix/footer-noopener-3751 on Feb 5, 2026
@ryanbasic1
Contributor

Fixes #3751

Summary

Added rel="noopener noreferrer" to footer links using target="_blank".

Why

Prevents tab-napping attacks and aligns with the security fix in #3669.

Testing

  • Verified links open in a new tab
  • Confirmed rel attribute is applied

@coderabbitai
Contributor

coderabbitai bot commented Feb 5, 2026

Summary by CodeRabbit

  • Bug Fixes
    • Improved security for external footer links that open in new tabs by preventing the originating page from being accessible via the opened page (adds noopener/noreferrer behavior), reducing potential risk when visiting third-party sites.

Walkthrough

Added the rel="noopener noreferrer" attribute to Link elements in the Footer component that open in a new tab (target="_blank"); no other logic or exported signatures changed.

Changes

Cohort / File(s) | Summary
Security hardening: frontend/src/components/Footer.tsx | Added rel="noopener noreferrer" to Link elements with target="_blank" to mitigate tab-napping and referrer exposure.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested reviewers

  • kasya

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name | Status | Explanation | Resolution
Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name | Status | Explanation
Title check | ✅ Passed | The title accurately and concisely describes the main change: adding rel="noopener noreferrer" to footer external links, with specific issue reference.
Description check | ✅ Passed | The description clearly relates to the changeset, explaining the security fix and referencing the linked issue #3751 with appropriate context.
Linked Issues check | ✅ Passed | The PR fully addresses the requirements in #3751 by adding rel="noopener noreferrer" to Footer Link elements with target="_blank".
Out of Scope Changes check | ✅ Passed | All changes are directly related to the linked issue #3751; only the Footer.tsx file was modified to add the required security attribute.

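A check for the pattern this PR fixes, as an added example that is not part of the PR or the project's code: it scans JSX/HTML source text for opening tags with target="_blank" whose rel lacks noopener or noreferrer. The function names, the regex-based parsing and the sample footer markup are constructed for illustration.

```javascript
// Added example (not project code): report opening tags that set
// target="_blank" without both "noopener" and "noreferrer" in rel.

// Opening tag such as <Link ...> or <a ...>; attributes may span lines.
// Limitation: a ">" inside an attribute (e.g. an arrow function) ends the
// match early, so use an AST-based linter for enforcement.
const OPEN_TAG = /<([A-Za-z][\w.]*)\b([^<>]*?)\/?>/g;

// Returns a string-literal attribute value ("x", 'x' or {"x"}), else null.
function readAttr(attrs, name) {
  const re = new RegExp(`(?:^|\\s)${name}\\s*=\\s*\\{?\\s*(["'])(.*?)\\1`);
  const m = re.exec(attrs);
  return m ? m[2] : null;
}

function findUnsafeBlankTargets(source) {
  const findings = [];
  for (const m of source.matchAll(OPEN_TAG)) {
    const [, tag, attrs] = m;
    if (readAttr(attrs, "target") !== "_blank") continue;
    // rel is a space-separated token list; compare tokens, not substrings.
    const tokens = (readAttr(attrs, "rel") || "")
      .toLowerCase().split(/\s+/).filter(Boolean);
    const missing = ["noopener", "noreferrer"].filter((t) => !tokens.includes(t));
    if (missing.length > 0) {
      // 1-based line number of the tag's "<" in the scanned source.
      const line = source.slice(0, m.index).split("\n").length;
      findings.push({ tag, line, missing });
    }
  }
  return findings;
}

// Constructed sample: a footer link before and after the fix.
const BEFORE = `
<footer>
  <Link href={link.href} target="_blank" className="text-slate-600">
    {link.text}
  </Link>
  <Link href="/about">About</Link>
</footer>`;
const AFTER = BEFORE.replace(
  'target="_blank"', 'target="_blank" rel="noopener noreferrer"');

console.log(findUnsafeBlankTargets(BEFORE)); // one finding for the first Link
console.log(findUnsafeBlankTargets(AFTER));  // no findings
```

For enforcement in a TSX code base, the AST-based ESLint rule react/jsx-no-target-blank from eslint-plugin-react covers the same pattern, including tags this regex cannot parse.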

@github-actions

github-actions bot commented Feb 5, 2026

The linked issue must be assigned to the PR author.

@github-actions github-actions bot closed this Feb 5, 2026
@arkid15r arkid15r reopened this Feb 5, 2026
coderabbitai bot previously approved these changes Feb 5, 2026
@arkid15r arkid15r enabled auto-merge February 5, 2026 20:21
@codecov

codecov bot commented Feb 5, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.26%. Comparing base (4f4b13c) to head (131398e).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #3787   +/-   ##
=======================================
  Coverage   90.26%   90.26%           
=======================================
  Files         463      463           
  Lines       14418    14418           
  Branches     1934     1934           
=======================================
  Hits        13014    13014           
  Misses        987      987           
  Partials      417      417           

Flag | Coverage Δ
backend | 90.97% <ø> (ø)
frontend | 88.26% <ø> (ø)

Files with missing lines | Coverage Δ
frontend/src/components/Footer.tsx | 91.66% <ø> (ø)

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
@arkid15r arkid15r added this pull request to the merge queue Feb 5, 2026
Merged via the queue into OWASP:main with commit b337ac3 Feb 5, 2026
36 checks passed
Successfully merging this pull request may close these issues.

Security: Footer external links missing rel="noopener noreferrer"
