fix(frontend): add missing rel="noopener noreferrer" to target="_blank" links (#1741)

* fix(frontend): add missing rel="noopener noreferrer" to target="_blank" links

Prevent tabnabbing attacks and referrer leakage by ensuring all
external links with target="_blank" include both noopener and
noreferrer in the rel attribute.

Made-with: Cursor

* style: fix code formatting
yangzheli
2026-04-02 17:32:52 +08:00
committed by GitHub
parent f56d0b4869
commit 636053fb6d
8 changed files with 33 additions and 14 deletions
@@ -188,7 +188,11 @@ export function ArtifactFileDetail({
</Tooltip>
)}
{!isWriteFile && (
<a href={urlOfArtifact({ filepath, threadId })} target="_blank">
<a
href={urlOfArtifact({ filepath, threadId })}
target="_blank"
rel="noopener noreferrer"
>
<ArtifactAction
icon={SquareArrowOutUpRightIcon}
label={t.common.openInNewWindow}
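Review bot: The `rel="noopener noreferrer"` added to the open-in-new-window link here, and to the download link in the following hunk, only detaches `window.opener` and strips the Referer header; it does not isolate the artifact content that the new tab loads. If `urlOfArtifact` resolves to the application's own origin (not visible in this diff, so this needs confirming), an HTML artifact opened this way would still run with that origin's cookies and storage. I would record that limit beside the link, for example `{/* rel only detaches opener/Referer; artifact isolation depends on how the URL from urlOfArtifact is served (separate origin, sandboxing CSP or attachment disposition) */}`. Because the attribute is being added by hand across eight files, enabling the `react/jsx-no-target-blank` rule, if the project lints with eslint-plugin-react, would keep new `target="_blank"` links from regressing. Both hunks cut through the JSX of ArtifactFileDetail, whose body starts and ends outside them.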
@@ -217,6 +221,7 @@ export function ArtifactFileDetail({
<a
href={urlOfArtifact({ filepath, threadId, download: true })}
target="_blank"
rel="noopener noreferrer"
>
<ArtifactAction
icon={DownloadIcon}