bito-code-review[bot] commented on code in PR #37451:
URL: https://github.com/apache/superset/pull/37451#discussion_r2729095510
##########
docs/docusaurus.config.ts:
##########
@@ -473,8 +473,10 @@ const config: Config = {
footer: {
links: [],
copyright: `
- <div class="footer__applitools">
- We use <a href="https://applitools.com/" target="_blank"
rel="nofollow"><img src="/img/applitools.png" title="Applitools" /></a>
+ <div class="footer__ci-services">
+ <span>CI powered by</span>
+ <a href="https://applitools.com/" target="_blank" rel="nofollow
noreferrer"><img src="/img/applitools.png" alt="Applitools" title="Applitools -
Visual Testing" /></a>
+ <a href="https://www.netlify.com/" target="_blank" rel="nofollow
noreferrer"><img src="/img/netlify.svg" alt="Netlify" title="Netlify - Deploy
Previews" /></a>
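Review bot: the two added `target="_blank"` anchors set `rel="nofollow noreferrer"` without an explicit `noopener`. The HTML standard specifies that `noreferrer` also implies `noopener` behaviour, so the opener reference is already severed, but writing `rel="nofollow noopener noreferrer"` makes that intent explicit to readers and linters.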
Review Comment:
<div>
<div id="suggestion">
<div id="issue"><b>Security: Missing noopener in rel</b></div>
<div id="fix">
These external links with target='_blank' should include 'noopener' in the
rel attribute to prevent potential security risks like reverse tabnabbing,
where the linked page could access the opener window. While 'noreferrer' blocks
referrer headers, 'noopener' is essential for protecting against window.opener
manipulation.
</div>
<details>
<summary>
<b>Code suggestion</b>
</summary>
<blockquote>Check the AI-generated fix before applying</blockquote>
<div id="code">
```
--- a/docs/docusaurus.config.ts
+++ b/docs/docusaurus.config.ts
@@ -475,8 +475,8 @@
copyright: `
<div class="footer__ci-services">
<span>CI powered by</span>
- <a href="https://applitools.com/" target="_blank"
rel="nofollow noreferrer"><img src="/img/applitools.png" alt="Applitools"
title="Applitools - Visual Testing" /></a>
- <a href="https://www.netlify.com/" target="_blank"
rel="nofollow noreferrer"><img src="/img/netlify.svg" alt="Netlify"
title="Netlify - Deploy Previews" /></a>
+ <a href="https://applitools.com/" target="_blank"
rel="nofollow noopener noreferrer"><img src="/img/applitools.png"
alt="Applitools" title="Applitools - Visual Testing" /></a>
+ <a href="https://www.netlify.com/" target="_blank"
rel="nofollow noopener noreferrer"><img src="/img/netlify.svg" alt="Netlify"
title="Netlify - Deploy Previews" /></a>
</div>
<p>Copyright © ${new Date().getFullYear()},
The <a href="https://www.apache.org/" target="_blank"
rel="noreferrer">Apache Software Foundation</a>,
```
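Review bot: the trailing context lines of this suggestion leave the Apache Software Foundation anchor at `target="_blank"` with `rel="noreferrer"` only. If an explicit `noopener` is the convention being introduced for this footer, apply it to that anchor as well so every `target="_blank"` link in the template carries the same `rel` tokens.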
</div>
</details>
</div>
<small><i>Code Review Run #889c34</i></small>
</div>
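An added example (not part of the PR or of the bot's comment): a small JavaScript check that scans footer-style HTML for `target="_blank"` links whose `rel` omits `noopener`, the condition the comment above describes. `FOOTER_SAMPLE`, `parseAttrs` and `findOpenerRisks` are hypothetical names, and the sample markup is constructed.

```javascript
// Constructed sample modelled on the footer markup discussed above (not the real file).
const FOOTER_SAMPLE = `
<div class="footer__ci-services">
  <a href="https://applitools.com/" target="_blank" rel="nofollow noreferrer"><img src="/img/applitools.png" alt="Applitools" /></a>
  <a href="https://www.netlify.com/" target="_blank" rel="nofollow"><img src="/img/netlify.svg" alt="Netlify" /></a>
  <a href="https://www.apache.org/" target='_BLANK' rel="NoOpener NoReferrer">ASF</a>
  <a href="https://example.com/" target=_blank>unquoted, no rel</a>
  <a href="/docs/intro" rel="nofollow">same tab</a>
</div>`;

// Parse one opening tag's attribute text into a lower-cased name -> value map.
function parseAttrs(attrText) {
  const attrs = {};
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'<>]+)))?/g;
  let m;
  while ((m = re.exec(attrText)) !== null) {
    const name = m[1].toLowerCase();
    // The first occurrence of a duplicated attribute wins, as in HTML parsing.
    if (!(name in attrs)) attrs[name] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Report target="_blank" anchors whose rel declares no opener protection.
// The target keyword and rel tokens are compared case-insensitively.
// strict=true additionally flags rel values that carry noreferrer but not an
// explicit noopener (noreferrer implies noopener in the HTML standard).
function findOpenerRisks(html, strict = false) {
  const findings = [];
  // Quoted attribute values may contain ">", so skip over them as units.
  const anchorRe = /<a\s((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
  let m;
  while ((m = anchorRe.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    if ((attrs.target || "").toLowerCase() !== "_blank") continue;
    const rel = new Set((attrs.rel || "").toLowerCase().split(/\s+/).filter(Boolean));
    let issue = null;
    if (!rel.has("noopener") && !rel.has("noreferrer")) issue = "no-noopener-or-noreferrer";
    else if (strict && !rel.has("noopener")) issue = "relies-on-noreferrer";
    if (issue) findings.push({ href: attrs.href || "", rel: attrs.rel || "", issue });
  }
  return findings;
}

console.log(findOpenerRisks(FOOTER_SAMPLE, true));
```

Run in strict mode it enforces the explicit `noopener` convention; in the default mode it reports only links that declare neither token.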
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]