Copilot commented on code in PR #37451:
URL: https://github.com/apache/superset/pull/37451#discussion_r2728840939
##########
docs/docusaurus.config.ts:
##########
@@ -473,8 +473,10 @@ const config: Config = {
footer: {
links: [],
copyright: `
- <div class="footer__applitools">
- We use <a href="https://applitools.com/"; target="_blank"
rel="nofollow"><img src="/img/applitools.png" title="Applitools" /></a>
+ <div class="footer__ci-services">
+ <span>CI powered by</span>
+ <a href="https://applitools.com/"; target="_blank"
rel="nofollow"><img src="/img/applitools.png" alt="Applitools"
title="Applitools - Visual Testing" /></a>
+ <a href="https://www.netlify.com/"; target="_blank"
rel="nofollow"><img src="/img/netlify.svg" alt="Netlify" title="Netlify -
Deploy Previews" /></a>
Review Comment:
Links opened with target="_blank" should include a rel that prevents
reverse-tabnabbing (e.g., add "noreferrer"/"noopener" alongside "nofollow").
Right now these anchors only set rel="nofollow".
##########
docs/i18n/en/docusaurus-theme-classic/footer.json:
##########
@@ -1,6 +1,6 @@
{
"copyright": {
- "message": "\n <div class=\"footer__applitools\">\n We
use <a href=\"https://applitools.com/\"; target=\"_blank\"
rel=\"nofollow\"><img src=\"/img/applitools.png\" title=\"Applitools\" /></a>\n
</div>\n <p>Copyright © 2024,\n The <a
href=\"https://www.apache.org/\"; target=\"_blank\" rel=\"noreferrer\">Apache
Software Foundation</a>,\n Licensed under the Apache <a
href=\"https://apache.org/licenses/LICENSE-2.0\"; target=\"_blank\"
rel=\"noreferrer\">License</a>.</p>\n <p><small>Apache Superset,
Apache, Superset, the Superset logo, and the Apache feather logo are either
registered trademarks or trademarks of The Apache Software Foundation. All
other products or name brands are trademarks of their respective holders,
including The Apache Software Foundation.\n <a
href=\"https://www.apache.org/\"; target=\"_blank\">Apache Software
Foundation</a> resources</small></p>\n <img class=\"footer__divider
\" src=\"/img/community/line.png\" alt=\"Divider\" />\n <p>\n
<small>\n <a href=\"/docs/security/\" target=\"_blank\"
rel=\"noreferrer\">Security</a> | \n <a
href=\"https://www.apache.org/foundation/sponsorship.html\"; target=\"_blank\"
rel=\"noreferrer\">Donate</a> | \n <a
href=\"https://www.apache.org/foundation/thanks.html\"; target=\"_blank\"
rel=\"noreferrer\">Thanks</a> | \n <a
href=\"https://apache.org/events/current-event\"; target=\"_blank\"
rel=\"noreferrer\">Events</a> | \n <a
href=\"https://apache.org/licenses/\"; target=\"_blank\"
rel=\"noreferrer\">License</a> | \n <a
href=\"https://privacy.apache.org/policies/privacy-policy-public.html\";
target=\"_blank\" rel=\"noreferrer\">Privacy</a>\n </small>\n
</p>\n <!-- telemetry/analytics pixel: -->\n <img
referrerPolicy=\"no-referrer-when-downgrad
e\"
src=\"https://static.scarf.sh/a.png?x-pxid=39ae6855-95fc-4566-86e5-360d542b0a68\";
/>\n ",
+ "message": "\n <div class=\"footer__ci-services\">\n
<span>CI powered by</span>\n <a href=\"https://applitools.com/\";
target=\"_blank\" rel=\"nofollow\"><img src=\"/img/applitools.png\"
alt=\"Applitools\" title=\"Applitools - Visual Testing\" /></a>\n <a
href=\"https://www.netlify.com/\"; target=\"_blank\" rel=\"nofollow\"><img
src=\"/img/netlify.svg\" alt=\"Netlify\" title=\"Netlify - Deploy Previews\"
/></a>\n </div>\n <p>Copyright © 2024,\n The <a
href=\"https://www.apache.org/\"; target=\"_blank\" rel=\"noreferrer\">Apache
Software Foundation</a>,\n Licensed under the Apache <a
href=\"https://apache.org/licenses/LICENSE-2.0\"; target=\"_blank\"
rel=\"noreferrer\">License</a>.</p>\n <p><small>Apache Superset,
Apache, Superset, the Superset logo, and the Apache feather logo are either
registered trademarks or trademarks of The Apache Software Foundation. All
other products or name brands are t
rademarks of their respective holders, including The Apache Software
Foundation.\n <a href=\"https://www.apache.org/\";
target=\"_blank\">Apache Software Foundation</a> resources</small></p>\n
<img class=\"footer__divider\" src=\"/img/community/line.png\"
alt=\"Divider\" />\n <p>\n <small>\n <a
href=\"/docs/security/\" target=\"_blank\"
rel=\"noreferrer\">Security</a> | \n <a
href=\"https://www.apache.org/foundation/sponsorship.html\"; target=\"_blank\"
rel=\"noreferrer\">Donate</a> | \n <a
href=\"https://www.apache.org/foundation/thanks.html\"; target=\"_blank\"
rel=\"noreferrer\">Thanks</a> | \n <a
href=\"https://apache.org/events/current-event\"; target=\"_blank\"
rel=\"noreferrer\">Events</a> | \n <a
href=\"https://apache.org/licenses/\"; target=\"_blank\"
rel=\"noreferrer\">License</a> | \n <a
href=\"https://privacy.apa
che.org/policies/privacy-policy-public.html\" target=\"_blank\"
rel=\"noreferrer\">Privacy</a>\n </small>\n </p>\n
<!-- telemetry/analytics pixel: -->\n <img
referrerPolicy=\"no-referrer-when-downgrade\"
src=\"https://static.scarf.sh/a.png?x-pxid=39ae6855-95fc-4566-86e5-360d542b0a68\";
/>\n ",
Review Comment:
This updated footer HTML includes links with target="_blank" but rel is
either just "nofollow" (Applitools/Netlify) or missing entirely (the later
apache.org link). For security, ensure every target="_blank" link includes a
rel like "noreferrer"/"noopener" (you can keep "nofollow" if desired).
```suggestion
"message": "\n <div class=\"footer__ci-services\">\n
<span>CI powered by</span>\n <a href=\"https://applitools.com/\";
target=\"_blank\" rel=\"nofollow noreferrer noopener\"><img
src=\"/img/applitools.png\" alt=\"Applitools\" title=\"Applitools - Visual
Testing\" /></a>\n <a href=\"https://www.netlify.com/\";
target=\"_blank\" rel=\"nofollow noreferrer noopener\"><img
src=\"/img/netlify.svg\" alt=\"Netlify\" title=\"Netlify - Deploy Previews\"
/></a>\n </div>\n <p>Copyright © 2024,\n The <a
href=\"https://www.apache.org/\"; target=\"_blank\" rel=\"noreferrer
noopener\">Apache Software Foundation</a>,\n Licensed under the Apache
<a href=\"https://apache.org/licenses/LICENSE-2.0\"; target=\"_blank\"
rel=\"noreferrer noopener\">License</a>.</p>\n <p><small>Apache
Superset, Apache, Superset, the Superset logo, and the Apache feather logo are
either registered trademarks or trademarks of The Apache
Software Foundation. All other products or name brands are trademarks of their
respective holders, including The Apache Software Foundation.\n <a
href=\"https://www.apache.org/\"; target=\"_blank\" rel=\"noreferrer
noopener\">Apache Software Foundation</a> resources</small></p>\n <img
class=\"footer__divider\" src=\"/img/community/line.png\" alt=\"Divider\" />\n
<p>\n <small>\n <a href=\"/docs/security/\"
target=\"_blank\" rel=\"noreferrer noopener\">Security</a> | \n
<a href=\"https://www.apache.org/foundation/sponsorship.html\";
target=\"_blank\" rel=\"noreferrer noopener\">Donate</a> | \n
<a href=\"https://www.apache.org/foundation/thanks.html\";
target=\"_blank\" rel=\"noreferrer noopener\">Thanks</a> | \n
<a href=\"https://apache.org/events/current-event\"; target=\"_blank\"
rel=\"noreferrer noopener\">Events</a> | \n <a
href=\"https://apach
e.org/licenses/\" target=\"_blank\" rel=\"noreferrer
noopener\">License</a> | \n <a
href=\"https://privacy.apache.org/policies/privacy-policy-public.html\";
target=\"_blank\" rel=\"noreferrer noopener\">Privacy</a>\n
</small>\n </p>\n <!-- telemetry/analytics pixel: -->\n
<img referrerPolicy=\"no-referrer-when-downgrade\"
src=\"https://static.scarf.sh/a.png?x-pxid=39ae6855-95fc-4566-86e5-360d542b0a68\";
/>\n ",
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
![https://static.scarf.sh/a.png?x-pxid=39ae6855-95fc-4566-86e5-360d542b0a68\"](https://static.scarf.sh/a.png?x-pxid=39ae6855-95fc-4566-86e5-360d542b0a68\"){kind=link}