Fix reverse tabnabbing issue
What does this MR do and why?
Fixes https://gitlab.com/gitlab-org/gitlab/-/issues/202060
The link is vulnerable to reverse tabnabbing. In reality this can really only be exploited by an admin so it's really low severity (hence the public fix) but it's very simple so I opened this MR.
Screenshots or screen recordings
No visual changes
How to set up and validate locally
Inspect the GitLab Pages link in http://127.0.0.1:3000/help/instance_configuration
It should have the noopener noreferrer value for the rel attribute. If GitLab Pages is configured to run locally, click on the link and run window.opener in the console and the result should be null.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Dominic Couture
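
The manual rel check described in the validation steps can be automated over rendered markup. The following is an added example, not code from this MR or from GitLab: a Node.js scan that reports anchors opening another browsing context without noopener or noreferrer in rel. The function names and the sample markup are constructed for illustration, and the check goes slightly beyond the single link fixed here by also covering named targets.

```javascript
// Added example: flag anchors that hand window.opener to the page they open.
// Constructed sample markup; hostnames are placeholders, not taken from the MR.
const SAMPLE_HTML = `
<a href="https://pages.example.test" target="_blank">GitLab Pages</a>
<a href="https://pages.example.test" target="_blank" rel="noopener noreferrer">GitLab Pages</a>
<a href='/help' target=_blank rel="nofollow">Help</a>
<a href="/same-tab">Same tab</a>
<a href="https://docs.example.test" TARGET="_blank" REL="NoReferrer">Docs</a>
`;

// Parse one <a ...> start tag into a map of lower-cased attribute names.
function parseAttributes(tag) {
  const attrs = {};
  const body = tag.replace(/^<a\b/i, "").replace(/\/?>$/, "");
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return anchors that open a new or named browsing context without opener
// protection. Limitation: tag matching is regex based, so an attribute value
// containing ">" is not handled; use a real HTML parser for untrusted markup.
function findOpenerLeaks(html) {
  const sameContext = new Set(["_self", "_parent", "_top"]);
  const leaks = [];
  for (const [tag] of html.matchAll(/<a\b[^>]*>/gi)) {
    const attrs = parseAttributes(tag);
    const target = (attrs.target || "").toLowerCase();
    if (!target || sameContext.has(target)) continue;
    // rel is a space-separated, case-insensitive token list.
    const rel = (attrs.rel || "").toLowerCase().split(/\s+/).filter(Boolean);
    // noreferrer implies noopener in the HTML standard, so either one suffices.
    if (rel.includes("noopener") || rel.includes("noreferrer")) continue;
    leaks.push({ href: attrs.href || "", target, rel: rel.join(" ") });
  }
  return leaks;
}

console.log(findOpenerLeaks(SAMPLE_HTML));
```

Current browsers already treat target="_blank" as implying noopener, so the explicit rel value mainly protects older browsers and links that use named targets.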