This is an automated email from the ASF dual-hosted git repository.
vogievetsky pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/master by this push:
new 1d87a74ed7d fix: add rel="noopener noreferrer" to web console links
opening in a new tab (#19483)
1d87a74ed7d is described below
commit 1d87a74ed7d32fe7dab7237f2ad5cb8e3c57f32f
Author: nuyb <[email protected]>
AuthorDate: Wed May 20 01:47:19 2026 +0900
fix: add rel="noopener noreferrer" to web console links opening in a new
tab (#19483)
Several Blueprint MenuItem and AnchorButton usages in the web console
open external links in a new tab via target="_blank" but do not set the
companion rel attribute. Unlike the project's own ExternalLink
component, Blueprint does not inject rel="noopener noreferrer"
automatically (verified against the rendered HTML in about-dialog's
snapshot), so each new tab can reach back into the opener window and
the destination receives a Referer header.
Add rel="noopener noreferrer" to every existing target="_blank" call
site that was missing it: the help menu and Explore link in the header
bar, the "Visit Druid" button in the about dialog, the DruidSQL docs
menu item in the workbench, the array ingest mode docs menu item in the
run panel, the flattenSpec help button in the load-data view, and the
"Learn more" button in the SQL data loader schema step.
Snapshot tests are updated to match the new rendered HTML; no other
behavior changes.
---
.../header-bar/__snapshots__/header-bar.spec.tsx.snap | 5 +++++
web-console/src/components/header-bar/header-bar.tsx | 12 +++++++++++-
.../about-dialog/__snapshots__/about-dialog.spec.tsx.snap | 1 +
web-console/src/dialogs/about-dialog/about-dialog.tsx | 7 ++++++-
web-console/src/views/load-data-view/load-data-view.tsx | 1 +
.../views/sql-data-loader-view/schema-step/schema-step.tsx | 1 +
web-console/src/views/workbench-view/run-panel/run-panel.tsx | 1 +
web-console/src/views/workbench-view/workbench-view.tsx | 1 +
8 files changed, 27 insertions(+), 2 deletions(-)
diff --git
a/web-console/src/components/header-bar/__snapshots__/header-bar.spec.tsx.snap
b/web-console/src/components/header-bar/__snapshots__/header-bar.spec.tsx.snap
index ebc7d41bbc5..a8209e5bfc8 100644
---
a/web-console/src/components/header-bar/__snapshots__/header-bar.spec.tsx.snap
+++
b/web-console/src/components/header-bar/__snapshots__/header-bar.spec.tsx.snap
@@ -179,6 +179,7 @@ exports[`HeaderBar matches snapshot 1`] = `
}
multiline={false}
popoverProps={{}}
+ rel="noopener noreferrer"
selected={false}
shouldDismissPopover={true}
target="_blank"
@@ -390,6 +391,7 @@ exports[`HeaderBar matches snapshot 1`] = `
icon="th"
multiline={false}
popoverProps={{}}
+ rel="noopener noreferrer"
shouldDismissPopover={true}
target="_blank"
text="Docs"
@@ -401,6 +403,7 @@ exports[`HeaderBar matches snapshot 1`] = `
icon="user"
multiline={false}
popoverProps={{}}
+ rel="noopener noreferrer"
shouldDismissPopover={true}
target="_blank"
text="User group"
@@ -412,6 +415,7 @@ exports[`HeaderBar matches snapshot 1`] = `
icon="chat"
multiline={false}
popoverProps={{}}
+ rel="noopener noreferrer"
shouldDismissPopover={true}
target="_blank"
text="Slack channel"
@@ -423,6 +427,7 @@ exports[`HeaderBar matches snapshot 1`] = `
icon="git-branch"
multiline={false}
popoverProps={{}}
+ rel="noopener noreferrer"
shouldDismissPopover={true}
target="_blank"
text="GitHub"
diff --git a/web-console/src/components/header-bar/header-bar.tsx
b/web-console/src/components/header-bar/header-bar.tsx
index 63bc0626f7c..7cd34094bc9 100644
--- a/web-console/src/components/header-bar/header-bar.tsx
+++ b/web-console/src/components/header-bar/header-bar.tsx
@@ -133,6 +133,7 @@ export const HeaderBar = React.memo(function
HeaderBar(props: HeaderBarProps) {
disabled={!capabilities.hasSql()}
selected={activeView === 'explore'}
target="_blank"
+ rel="noopener noreferrer"
/>
</Menu>
);
@@ -140,24 +141,33 @@ export const HeaderBar = React.memo(function
HeaderBar(props: HeaderBarProps) {
const helpMenu = (
<Menu>
<MenuItem icon={IconNames.GRAPH} text="About" onClick={() =>
setAboutDialogOpen(true)} />
- <MenuItem icon={IconNames.TH} text="Docs" href={getLink('DOCS')}
target="_blank" />
+ <MenuItem
+ icon={IconNames.TH}
+ text="Docs"
+ href={getLink('DOCS')}
+ target="_blank"
+ rel="noopener noreferrer"
+ />
<MenuItem
icon={IconNames.USER}
text="User group"
href={getLink('USER_GROUP')}
target="_blank"
+ rel="noopener noreferrer"
/>
<MenuItem
icon={IconNames.CHAT}
text="Slack channel"
href={getLink('SLACK')}
target="_blank"
+ rel="noopener noreferrer"
/>
<MenuItem
icon={IconNames.GIT_BRANCH}
text="GitHub"
href={getLink('GITHUB')}
target="_blank"
+ rel="noopener noreferrer"
/>
</Menu>
);
diff --git
a/web-console/src/dialogs/about-dialog/__snapshots__/about-dialog.spec.tsx.snap
b/web-console/src/dialogs/about-dialog/__snapshots__/about-dialog.spec.tsx.snap
index dfaefe053e1..bf21a26905b 100644
---
a/web-console/src/dialogs/about-dialog/__snapshots__/about-dialog.spec.tsx.snap
+++
b/web-console/src/dialogs/about-dialog/__snapshots__/about-dialog.spec.tsx.snap
@@ -140,6 +140,7 @@ exports[`AboutDialog matches snapshot 1`] = `
aria-disabled="false"
class="bp5-button bp5-intent-primary"
href="https://druid.apache.org";
+ rel="noopener noreferrer"
role="button"
target="_blank"
>
diff --git a/web-console/src/dialogs/about-dialog/about-dialog.tsx
b/web-console/src/dialogs/about-dialog/about-dialog.tsx
index d7546b06976..b3c725f08c1 100644
--- a/web-console/src/dialogs/about-dialog/about-dialog.tsx
+++ b/web-console/src/dialogs/about-dialog/about-dialog.tsx
@@ -57,7 +57,12 @@ export const AboutDialog = React.memo(function
AboutDialog(props: AboutDialogPro
<div className={Classes.DIALOG_FOOTER}>
<div className={Classes.DIALOG_FOOTER_ACTIONS}>
<Button onClick={onClose}>Close</Button>
- <AnchorButton intent={Intent.PRIMARY} href={getLink('WEBSITE')}
target="_blank">
+ <AnchorButton
+ intent={Intent.PRIMARY}
+ href={getLink('WEBSITE')}
+ target="_blank"
+ rel="noopener noreferrer"
+ >
Visit Druid
</AnchorButton>
</div>
diff --git a/web-console/src/views/load-data-view/load-data-view.tsx
b/web-console/src/views/load-data-view/load-data-view.tsx
index 59d1c1c09f3..0c16ae75790 100644
--- a/web-console/src/views/load-data-view/load-data-view.tsx
+++ b/web-console/src/views/load-data-view/load-data-view.tsx
@@ -1767,6 +1767,7 @@ export class LoadDataView extends
React.PureComponent<LoadDataViewProps, LoadDat
icon={IconNames.INFO_SIGN}
href={`${getLink('DOCS')}/ingestion/data-formats#flattenspec`}
target="_blank"
+ rel="noopener noreferrer"
minimal
/>
</FormGroup>
diff --git
a/web-console/src/views/sql-data-loader-view/schema-step/schema-step.tsx
b/web-console/src/views/sql-data-loader-view/schema-step/schema-step.tsx
index d73778f1ee9..34b2d14f0b3 100644
--- a/web-console/src/views/sql-data-loader-view/schema-step/schema-step.tsx
+++ b/web-console/src/views/sql-data-loader-view/schema-step/schema-step.tsx
@@ -985,6 +985,7 @@ export const SchemaStep = function SchemaStep(props:
SchemaStepProps) {
text="Learn more..."
href={`${getLink('DOCS')}/ingestion/schema-model#primary-timestamp`}
target="_blank"
+ rel="noopener noreferrer"
intent={Intent.WARNING}
minimal
/>
diff --git a/web-console/src/views/workbench-view/run-panel/run-panel.tsx
b/web-console/src/views/workbench-view/run-panel/run-panel.tsx
index 1c2d0b75108..b347db8b00d 100644
--- a/web-console/src/views/workbench-view/run-panel/run-panel.tsx
+++ b/web-console/src/views/workbench-view/run-panel/run-panel.tsx
@@ -478,6 +478,7 @@ export const RunPanel = React.memo(function RunPanel(props:
RunPanelProps) {
text="Documentation"
href={`${getLink('DOCS')}/querying/arrays#arrayingestmode`}
target="_blank"
+ rel="noopener noreferrer"
/>
</MenuItem>
<MenuBoolean
diff --git a/web-console/src/views/workbench-view/workbench-view.tsx
b/web-console/src/views/workbench-view/workbench-view.tsx
index 9fdd778b9c1..1b61be3d4eb 100644
--- a/web-console/src/views/workbench-view/workbench-view.tsx
+++ b/web-console/src/views/workbench-view/workbench-view.tsx
@@ -867,6 +867,7 @@ export class WorkbenchView extends
React.PureComponent<WorkbenchViewProps, Workb
text="DruidSQL documentation"
href={getLink('DOCS_SQL')}
target="_blank"
+ rel="noopener noreferrer"
/>
)}
{queryEngines.includes('sql-msq-task') &&
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
