kefranabg/readme-md-generator

Include rel=”noopener” on links to improve security

Open

#209 created on July 9, 2020

(1 comment) (0 reactions) (0 assignees) JavaScript (10,735 stars) (1,349 forks)
feature request, good first issue

Description

I would like to include in the templates/default.md file (compatible with HTML) the tag rel = "noopener noreferrer" inside the links. To do this, it will also be necessary to modify the links in the "src/snapshots/readme.spec.js.snap" file, as I found when testing in a local environment.

This modification increases the security of this generator's links. The vulnerability has been described in detail here: https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/

I believe that, at first, you may think that this would only represent a risk for GitHub itself. However, I realized that this could get worse because I am developing a small React app as a bootcamp exercise, and this app uses the GitHub API to receive information from profiles and repositories. When capturing this information, it saves it in a database and publishes it. In other words: the URL of our sites is vulnerable.
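
Added example, not part of the original issue or the project's code: a JavaScript check that finds `target="_blank"` anchors lacking `rel="noopener noreferrer"` in template or rendered README markup and adds the missing tokens while keeping any existing `rel` values. The function name `hardenLinks` and the sample links are constructed for illustration.

```javascript
// Added example, not code from readme-md-generator.
// Finds <a target="_blank"> tags that lack rel="noopener noreferrer" and
// returns a hardened copy plus a list of what was missing.
// Regex-based on purpose: enough for linting a README template or its
// rendered output, not a general HTML parser.

const REQUIRED = ['noopener', 'noreferrer'];

// Opening <a ...> tag; quoted attribute values may themselves contain '>'.
const ANCHOR_RE = /<a\b((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
const TARGET_BLANK_RE = /\starget\s*=\s*(?:"_blank"|'_blank'|_blank(?=\s|$))/i;
const REL_RE = /\srel\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;

function hardenLinks(markup) {
  const findings = [];
  const output = markup.replace(ANCHOR_RE, (tag, attrs) => {
    if (!TARGET_BLANK_RE.test(attrs)) return tag; // same-tab links are left alone

    const rel = REL_RE.exec(attrs);
    const raw = rel ? rel[1] || rel[2] || rel[3] || '' : '';
    const tokens = raw.split(/\s+/).filter(Boolean);
    const present = tokens.map((t) => t.toLowerCase());
    const missing = REQUIRED.filter((t) => !present.includes(t));
    if (missing.length === 0) return tag;

    findings.push({ tag, missing });
    // Keep existing rel tokens (e.g. nofollow) and append the missing ones.
    const relAttr = ` rel="${[...tokens, ...missing].join(' ')}"`;
    const newAttrs = rel
      ? attrs.replace(rel[0], () => relAttr)
      : attrs.trimEnd() + relAttr;
    return `<a${newAttrs}>`;
  });
  return { output, findings };
}

// Constructed sample input (not taken from the project's template).
const sample = [
  '<a href="https://example.com/docs" target="_blank">docs</a>',
  '<a href="https://example.com/a" target="_blank" rel="nofollow">a</a>',
  '<a href="https://example.com/b" target="_blank" rel="noopener noreferrer">b</a>',
  '<a href="#top">top</a>',
].join('\n');

const result = hardenLinks(sample);
console.log(result.output);
console.log(`${result.findings.length} link(s) needed rel tokens`);
```

Run as a lint step, a non-empty `findings` array can fail the build so that new `target="_blank"` links without the attribute do not reach a published README.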
