(flink) branch master updated: [FLINK-35532][Runtime/Web Frontend] Prevent Cross-Site Authentication (XSA) attacks on Flink dashboard

Thu, 06 Jun 2024 03:33:07 -0700 

This is an automated email from the ASF dual-hosted git repository.

hong pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/flink.git


The following commit(s) were added to refs/heads/master by this push:
     new ceb4db4d88a [FLINK-35532][Runtime/Web Frontend] Prevent Cross-Site 
Authentication (XSA) attacks on Flink dashboard
ceb4db4d88a is described below

commit ceb4db4d88a91546a179cc9fe1bc86ea1d7bb42a
Author: Hong Teoh <lian...@amazon.com>
AuthorDate: Wed Jun 5 16:15:44 2024 +0000

    [FLINK-35532][Runtime/Web Frontend] Prevent Cross-Site Authentication (XSA) 
attacks on Flink dashboard
---
 .../pages/job-manager/profiler/job-manager-profiler.component.html  | 6 +++++-
 .../task-manager/profiler/task-manager-profiler.component.html      | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git 
a/flink-runtime-web/web-dashboard/src/app/pages/job-manager/profiler/job-manager-profiler.component.html
 
b/flink-runtime-web/web-dashboard/src/app/pages/job-manager/profiler/job-manager-profiler.component.html
index 16429b41fe0..5df8c46a7d2 100644
--- 
a/flink-runtime-web/web-dashboard/src/app/pages/job-manager/profiler/job-manager-profiler.component.html
+++ 
b/flink-runtime-web/web-dashboard/src/app/pages/job-manager/profiler/job-manager-profiler.component.html
@@ -107,7 +107,11 @@
           <ng-template #titleTemplate>
             <span>
               Please refer to
-              <a href="https://github.com/async-profiler/async-profiler/wiki";>
+              <a
+                href="https://github.com/async-profiler/async-profiler/wiki";
+                target="_blank"
+                rel="noopener noreferrer"
+              >
                 async-profiler's wiki
               </a>
               for more detailed info of this feature.
diff --git 
a/flink-runtime-web/web-dashboard/src/app/pages/task-manager/profiler/task-manager-profiler.component.html
 
b/flink-runtime-web/web-dashboard/src/app/pages/task-manager/profiler/task-manager-profiler.component.html
index 405f28110e7..e9cef22b49c 100644
--- 
a/flink-runtime-web/web-dashboard/src/app/pages/task-manager/profiler/task-manager-profiler.component.html
+++ 
b/flink-runtime-web/web-dashboard/src/app/pages/task-manager/profiler/task-manager-profiler.component.html
@@ -107,7 +107,11 @@
           <ng-template #titleTemplate>
             <span>
               Please refer to
-              <a href="https://github.com/async-profiler/async-profiler/wiki";>
+              <a
+                href="https://github.com/async-profiler/async-profiler/wiki";
+                target="_blank"
+                rel="noopener noreferrer"
+              >
                 async-profiler's wiki
               </a>
               for more detailed info of this feature.

Reply via email to