Skip to content

fix(web): add rel="noopener" to external links with target="_blank" #2732

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(web): add rel="noopener" to external links with target="_blank" #2732

wants to merge 1 commit into from

Conversation

@Provizor071
Copy link

@Provizor071 Provizor071 commented Oct 20, 2025

What changed? Why?
Added rel="noopener" to all anchor (<a>) tags with target="_blank" across the codebase.
This improves security and prevents potential reverse tabnabbing attacks.
No functional or UI changes were made — this is a purely mechanical and standardized edit.

Notes to reviewers

  • This was applied automatically using a codemod script.
  • All modified lines are limited to adding rel="noopener".
  • No business logic or component structure was altered.
  • Safe to review and merge as a batch.

How has it been tested?

  • Verified that all changes are limited to <a> elements with target="_blank".
  • Manual inspection of diff confirmed no other modifications.
  • No runtime or visual regressions expected.

Have you tested the following pages?

BaseWeb

  • base.org
  • base.org/names
  • base.org/builders
  • base.org/ecosystem
  • base.org/name/jesse
  • base.org/manage-names
  • base.org/resources

@Provizor071
fix(web): add rel="noopener" to external links with target="_blank"
b9a1c52 
This change adds `rel="noopener"` to all external links that use `target="_blank"` across the web app.
The goal is to improve security and prevent potential reverse tabnabbing attacks.

- 52 files updated within `apps/web/` components
- No functional or UI logic has been changed
- This is a mechanical, automated edit to improve security hygiene

References:
- https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#security_and_privacy_concerns
- https://web.dev/external-anchors-use-rel-noopener/
@vercel
Copy link

vercel bot commented Oct 20, 2025

@Provizor071 is attempting to deploy a commit to the Coinbase Team on Vercel.

A member of the Team first needs to authorize it.

@cb-heimdall
Copy link
Collaborator

cb-heimdall commented Oct 20, 2025

🟡 Heimdall Review Status

Requirement Status More Info
Reviews 🟡 0/2
Denominator calculation
Show calculation
1 if user is bot 0
1 if user is external 0
2 if repo is sensitive 0
From .codeflow.yml 1
Additional review requirements
Show calculation
Max 0
0
From CODEOWNERS 0
Global minimum 0
Max 1
1
1 if commit is unverified 1
Sum 2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Provizor071 @cb-heimdall