Skip to content

fix(#290): add noopener to download fallback#328

Open
Shreya-nipunge wants to merge 1 commit into
SamXop123:mainfrom
Shreya-nipunge:fix-290-download-noopener
Open

fix(#290): add noopener to download fallback#328
Shreya-nipunge wants to merge 1 commit into
SamXop123:mainfrom
Shreya-nipunge:fix-290-download-noopener

Conversation

@Shreya-nipunge

Copy link
Copy Markdown
Contributor

Description

Adds noopener,noreferrer to the landing page download fallback that opens the GitHub releases page in a new tab.

Previously, the fallback used window.open(..., "_blank") without opener protection, which could allow the newly opened page to retain access to window.opener.

Related Issue

Fixes #290

Changes Made

  • Updated the fallback window.open() call in landing/src/components/DownloadButton.tsx
  • Added "noopener,noreferrer" as the third argument
  • Kept the change minimal and limited to the affected fallback path

Security Impact

Prevents the opened tab from accessing window.opener, following recommended security practices for links opened in a new tab.

Testing

  • Verified the diff only modifies landing/src/components/DownloadButton.tsx
  • Ran git diff --check
  • Inspected the fallback path to confirm noopener,noreferrer is applied

Notes

  • Attempted to run npm.cmd run lint, but linting could not complete because eslint was not installed/resolvable in the local landing environment.

@vercel

vercel Bot commented Jul 2, 2026

Copy link
Copy Markdown

@Shreya-nipunge is attempting to deploy a commit to the Dot_NotSam's projects Team on Vercel.

A member of the Team first needs to authorize it.

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are limited based on label configuration.

🏷️ Required labels (at least one) (1)
  • review

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9203ba45-00aa-41e5-b5df-e8811212be13

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add noopener to download fallback

1 participant