fix: unsafe external link (#2356)

5a004ae4 · Joel · GitHub · 04fb610f · 5a004ae4 · 5a004ae4
Unverified Commit 5a004ae4 authored Feb 02, 2024 by Joel Committed by GitHub Feb 02, 2024
9 changed files
--- a/web/app/activate/activateForm.tsx
+++ b/web/app/activate/activateForm.tsx
@@ -100,7 +100,7 @@ const ActivateForm = () => {
        'md:px-[108px]',
      )
    }>
-      {!checkRes && <Loading/>}
+      {!checkRes && <Loading />}
      {checkRes && !checkRes.is_valid && (
        <div className="flex flex-col md:w-[400px]">
          <div className="w-full mx-auto">
@@ -206,7 +206,7 @@ const ActivateForm = () => {
                &nbsp;
                <Link
                  className='text-primary-600'
-                  target={'_blank'}
+                  target='_blank' rel='noopener noreferrer'
                  href={`https://docs.dify.ai/${language !== LanguagesSupportedUnderscore[1] ? 'user-agreement' : `v/${locale.toLowerCase()}/policies`}/open-source`}
                >{t('login.license.link')}</Link>
              </div>

--- a/web/app/components/base/markdown.tsx
+++ b/web/app/components/base/markdown.tsx
@@ -144,7 +144,7 @@ export function Markdown(props: { content: string; className?: string }) {
              )
          },
        }}
-        linkTarget={'_blank'}
+        linkTarget='_blank'
      >
        {/* Markdown detect has problem. */}
        {props.content}

--- a/web/app/components/header/account-setting/Integrations-page/index.tsx
+++ b/web/app/components/header/account-setting/Integrations-page/index.tsx
@@ -45,7 +45,7 @@ export default function IntegrationsPage() {
                  <Link
                    className='flex items-center h-8 px-[7px] bg-white rounded-lg border border-gray-200 text-xs font-medium text-gray-700 cursor-pointer'
                    href={integrate.link}
-                    target={'_blank'}>
+                    target='_blank' rel='noopener noreferrer'>
                    {t('common.integrations.connect')}
                  </Link>
                )

--- a/web/app/components/header/account-setting/key-validator/index.tsx
+++ b/web/app/components/header/account-setting/key-validator/index.tsx
@@ -108,7 +108,7 @@ const KeyValidator = ({
                />
              ))
            }
-            <a className="flex items-center text-xs cursor-pointer text-primary-600" href={keyFrom.link} target={'_blank'}>
+            <a className="flex items-center text-xs cursor-pointer text-primary-600" href={keyFrom.link} target='_blank' rel='noopener noreferrer'>
              {keyFrom.text}
              <LinkExternal02 className='w-3 h-3 ml-1 text-primary-600' />
            </a>

--- a/web/app/components/header/account-setting/model-provider-page/model-modal/index.tsx
+++ b/web/app/components/header/account-setting/model-provider-page/model-modal/index.tsx
@@ -300,7 +300,7 @@ const ModelModal: FC<ModelModalProps> = ({
                      {t('common.modelProvider.encrypted.front')}
                      <a
                        className='text-primary-600 mx-1'
-                        target={'_blank'}
+                        target='_blank' rel='noopener noreferrer'
                        href='https://pycryptodome.readthedocs.io/en/latest/src/cipher/oaep.html'
                      >
                        PKCS1_OAEP

--- a/web/app/components/header/account-setting/plugin-page/index.tsx
+++ b/web/app/components/header/account-setting/plugin-page/index.tsx
@@ -24,7 +24,7 @@ const PluginPage = () => {
        {t('common.provider.encrypted.front')}
        <Link
          className='text-primary-600 mx-1'
-          target={'_blank'}
+          target='_blank' rel='noopener noreferrer'
          href='https://pycryptodome.readthedocs.io/en/latest/src/cipher/oaep.html'
        >
          PKCS1_OAEP

--- a/web/app/install/installForm.tsx
+++ b/web/app/install/installForm.tsx
@@ -172,10 +172,10 @@ const InstallForm = () => {
            </form>
            <div className="block w-hull mt-2 text-xs text-gray-600">
              {t('login.license.tip')}
-            &nbsp;
+              &nbsp;
              <Link
                className='text-primary-600'
-                target={'_blank'}
+                target='_blank' rel='noopener noreferrer'
                href={'https://docs.dify.ai/user-agreement/open-source'}
              >{t('login.license.link')}</Link>
            </div>

--- a/web/app/signin/normalForm.tsx
+++ b/web/app/signin/normalForm.tsx
@@ -282,13 +282,13 @@ const NormalForm = () => {
            &nbsp;
            <Link
              className='text-primary-600'
-              target={'_blank'}
+              target='_blank' rel='noopener noreferrer'
              href={language !== LanguagesSupportedUnderscore[1] ? 'https://docs.dify.ai/user-agreement/terms-of-service' : 'https://docs.dify.ai/v/zh-hans/user-agreement/terms-of-service'}
            >{t('login.tos')}</Link>
            &nbsp;&&nbsp;
            <Link
              className='text-primary-600'
-              target={'_blank'}
+              target='_blank' rel='noopener noreferrer'
              href={language !== LanguagesSupportedUnderscore[1] ? 'https://docs.dify.ai/user-agreement/privacy-policy' : 'https://docs.dify.ai/v/zh-hans/user-agreement/privacy-policy'}
            >{t('login.pp')}</Link>
          </div>

--- a/web/app/signin/oneMoreStep.tsx
+++ b/web/app/signin/oneMoreStep.tsx
@@ -160,7 +160,7 @@ const OneMoreStep = () => {
            &nbsp;
            <Link
              className='text-primary-600'
-              target={'_blank'}
+              target='_blank' rel='noopener noreferrer'
              href={'https://docs.dify.ai/user-agreement/open-source'}
            >{t('login.license.link')}</Link>
          </div>