feat(GlSafeLinkDirective): Add safe link directive (!1457) · Merge requests · GitLab.org / gitlab-ui

Dheeraj Joshi requested to merge safe-link-directive into master Jun 02, 2020

What does this MR do?

This MR adds a directive to prevent security issues related to hyperlinks.

Makes sure all the external urls have noopener noreferrer rel attributes. This also preserves existing values.

Links are vulnerable to javascript based XSS vulnerabilty, for example

<a href="javascript:alert(document.domain)">click me</a>

This directive aims to sanitize all such xss payloads by replacing them with about:blank.

MR	Changes
!1472 (merged)	Add it to `GlLink` component
!1490 (merged)	Make update transformation reactive

Code review guidelines.
GitLab UI's contributing guidlines.
If it changes a Pajamas-compliant component's look & feel, the MR has been reviewed by a UX designer.
If it changes GitLab UI's documentation guidelines, the MR has been reviewed by a Technical Writer.
If the MR changes a component's API, integration MR(s) have been opened in the following projects to ensure that the @gitlab/ui package can be upgraded quickly after the changes are released:
- GitLab: mr_url
- Customers Portal: mr_url
- Status Page: mr_url
Added the ~"component:*" label(s) if applicable.

Edited Jun 18, 2020 by Dheeraj Joshi