Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Resolve CodeQL alert 5 and 7 "Potentially unsafe external link" #6226

Closed
8 tasks
Tracked by #5129
roslynwythe opened this issue Feb 4, 2024 · 2 comments
Closed
8 tasks
Tracked by #5129

Resolve CodeQL alert 5 and 7 "Potentially unsafe external link" #6226

roslynwythe opened this issue Feb 4, 2024 · 2 comments
Labels
Complexity: Small Take this type of issues after the successful merge of your second good first issue Dependency An issue is blocking the completion or starting of another issue Feature: Code Alerts manual dependency release role: front end Tasks for front end developers size: 0.5pt Can be done in 3 hours or less
Milestone
02. Security

Comments

@roslynwythe
Copy link
Member

roslynwythe commented Feb 4, 2024
edited
Loading

Dependency

  • _layouts/guides.html is in production (specified in _config.yml)

Note: when the above dependency is satisfied, before prioritizing this issue we must reopen the CodeQL alert on this page: https://github.com/hackforla/website/security/code-scanning/5 and https://github.com/hackforla/website/security/code-scanning/7

Prerequisite

  1. Be a member of Hack for LA. (There are no fees to join.) If you have not joined yet, please follow the steps on our Getting Started page.
  2. Before you claim or start working on an issue, please make sure you have read our How to Contribute to Hack for LA Guide.

Overview

We need to resolve the "Potentially unsafe external link" alerts which appears in the CodeQL alert 5 and alert 7 by adding the attribute rel="noopener noreferrer"

Action Items

            <a href="{{ item.links.github }}" target="_blank" title="GitHub Profile" class="fa fa-github fa-xl" style="margin-right: 13px; 
            text-decoration: none;"></a>

with

            <a href="{{ item.links.github }}" target="_blank" title="GitHub Profile" class="fa fa-github fa-xl" style="margin-right: 13px; 
            text-decoration: none;" rel="noopener noreferrer"></a>
  • Using Docker, check the page remains the same in mobile, tablet, and desktop views as on the current website (See 2 in the Resources/Instructions section below)

Merge Team

Resources/Instructions

  1. GitHub CodeQL documentation
  2. Sample webpage using this template: https://www.hackforla.org/guide-pages/2FA
  3. This issue is part of Epic: Create issues to resolve CodeQL alerts 1- 24, 98 "Potentially unsafe external link" #5129
@roslynwythe roslynwythe added good first issue Good for newcomers role: front end Tasks for front end developers Dependency An issue is blocking the completion or starting of another issue Feature Missing This label means that the issue needs to be linked to a precise feature label. size: missing size: 0.25pt Can be done in 0.5 to 1.5 hours Feature: Code Alerts role missing Complexity: Missing Draft Issue is still in the process of being created and removed Feature Missing This label means that the issue needs to be linked to a precise feature label. size: missing role missing Complexity: Missing Draft Issue is still in the process of being created labels Feb 4, 2024
@roslynwythe roslynwythe mentioned this issue Feb 4, 2024
Open
29 tasks
@roslynwythe roslynwythe changed the title Resolve alert 5 "Potentially unsafe external link" in _layouts/guides.html - 1 Resolve alert 5 and 7 "Potentially unsafe external link" in _layouts/guides.html - GitHub Feb 5, 2024
@roslynwythe roslynwythe added Complexity: Small Take this type of issues after the successful merge of your second good first issue size: 0.5pt Can be done in 3 hours or less and removed good first issue Good for newcomers size: 0.25pt Can be done in 0.5 to 1.5 hours labels Feb 5, 2024
@roslynwythe roslynwythe mentioned this issue Feb 5, 2024
Closed
7 tasks
@roslynwythe roslynwythe changed the title Resolve alert 5 and 7 "Potentially unsafe external link" in _layouts/guides.html - GitHub Resolve alert 5 and 7 "Potentially unsafe external link" Feb 5, 2024
@roslynwythe roslynwythe changed the title Resolve alert 5 and 7 "Potentially unsafe external link" Resolve CodeQL alert 5 and 7 "Potentially unsafe external link" Feb 5, 2024
@ExperimentsInHonesty ExperimentsInHonesty added this to the 02. Security milestone Feb 8, 2024
@t-will-gillis
Copy link
Member

t-will-gillis commented Jun 17, 2024
edited
Loading

OK to close this:
Both alerts are marked as "Fixed" by Dependabot:
https://github.com/hackforla/website/security/code-scanning/5
https://github.com/hackforla/website/security/code-scanning/7

Open
2 tasks
@t-will-gillis t-will-gillis mentioned this issue Sep 30, 2024
Open
@kgold2018
Copy link
Member

kgold2018 commented Oct 12, 2024
edited
Loading

CodeQL determined that the alerts attached to the PRs were automatically "fixed" after merging:
#6503

@kgold2018 kgold2018 moved this from QA to Done in P: HfLA Website: Project Board Oct 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Complexity: Small Take this type of issues after the successful merge of your second good first issue Dependency An issue is blocking the completion or starting of another issue Feature: Code Alerts manual dependency release role: front end Tasks for front end developers size: 0.5pt Can be done in 3 hours or less
Projects
P: HfLA Website: Project Board
Status: Done
Milestone
02. Security
Development

No branches or pull requests
4 participants
@roslynwythe @ExperimentsInHonesty @kgold2018 @t-will-gillis