fix: add better security tags to links for opening in separate tabs #2989
sammdec wants to merge 1 commit into
Linked Findings: AAV-15 Untrusted IPFS Content Rendering on Trusted Domain
📦 Next.js Bundle Analysis for aave-ui

This analysis was generated by the Next.js Bundle Analysis action. 🤖

| Page | Size (compressed) |
|---|---|
| `global` | 1.15 MB (🟡 +77 B) |
Details
The global bundle is the javascript bundle that loads alongside every page. It is in its own category because its impact is much higher - an increase to its size means that every page on your website loads slower, and a decrease means every page loads faster.
Any third party scripts you have added directly to your app using the `<script>` tag are not accounted for in this analysis.
If you want further insight into what is behind the changes, give @next/bundle-analyzer a try!
Two Pages Changed Size
The following pages changed size from the code in this PR compared to its base branch:
| Page | Size (compressed) | First Load |
|---|---|---|
| `/governance/ipfs-preview` | 102.05 KB (🟡 +9 B) | 1.25 MB |
| `/governance/v3/proposal` | 125.56 KB (🟡 +9 B) | 1.27 MB |
Details
Only the gzipped size is provided here based on an expert tip.
First Load is the size of the global bundle plus the bundle for the individual page. If a user were to show up to your website and land on a given page, the first load size represents the amount of javascript that user would need to download. If next/link is used, subsequent page loads would only need to download that page's bundle (the number in the "Size" column), since the global bundle has already been downloaded.
Any third party scripts you have added directly to your app using the `<script>` tag are not accounted for in this analysis.
Next to the size is how much the size has increased or decreased compared with the base branch of this PR. If this percentage has increased by 20% or more, there will be a red status indicator applied, indicating that special attention should be given to this.
Summary
`target="_blank"` and `rel="noopener noreferrer"` to markdown-rendered `<a>` tags in `ProposalOverview`, so external links in proposal descriptions (including untrusted IPFS content rendered by `/governance/ipfs-preview`) open in a new tab and cannot access `window.opener`.

Linear: AAV-15
Test plan
- `/governance/v3/proposal/...` with markdown links in the description — links open in a new tab.
- `target="_blank"` and `rel="noopener noreferrer"`.
- `/governance/ipfs-preview?ipfsHash=<valid hash>` and confirm description links also carry the safety attributes.
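
The attribute check from the test plan, as an added example that is not part of this PR or the aave-ui code base: a Node.js script that scans rendered HTML and reports every `<a href>` lacking `target="_blank"` or either `rel` token. The function names and the sample HTML are constructed for illustration, and regex-based tag scanning is an assumption that suits a test over renderer output, not a general HTML parser.

```javascript
// Added example: audit rendered HTML for the attributes this PR adds.
const REQUIRED_REL = ["noopener", "noreferrer"];

// Match an opening <a ...> tag; quoted values may contain ">" safely.
const ANCHOR_TAG = /<a(?=[\s>])(?:"[^"]*"|'[^']*'|[^>"'])*>/gi;

// Parse the attributes of one opening tag into a lower-cased name -> value map.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
  const body = tag.replace(/^<a/i, "").replace(/\/?>$/, "");
  let m;
  while ((m = re.exec(body)) !== null) {
    const name = m[1].toLowerCase();
    // First occurrence wins, matching how browsers treat duplicate attributes.
    if (!(name in attrs)) attrs[name] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return one finding per <a href> that lacks the expected attributes.
function auditAnchors(html) {
  const findings = [];
  for (const [tag] of html.matchAll(ANCHOR_TAG)) {
    const attrs = parseAttrs(tag);
    if (!("href" in attrs)) continue; // anchors without href do not navigate
    // rel is a whitespace-separated, case-insensitive token list.
    const rel = (attrs.rel || "").toLowerCase().split(/\s+/).filter(Boolean);
    const problems = REQUIRED_REL
      .filter((token) => !rel.includes(token))
      .map((token) => `rel missing ${token}`);
    if ((attrs.target || "").toLowerCase() !== "_blank") {
      problems.unshift("target is not _blank");
    }
    if (problems.length) findings.push({ href: attrs.href, problems });
  }
  return findings;
}

// Constructed sample standing in for rendered proposal markdown.
const sample = `
<p><a href="https://example.org/a" target="_blank" rel="noopener noreferrer">ok</a>
<a href="https://example.org/b" target="_blank">no rel</a>
<a href='https://example.org/c' target=_blank rel="NoOpener">partial rel</a>
<a href="https://example.org/d" title="rel=&quot;noopener noreferrer&quot; > x">attrs only in title</a></p>`;

console.log(JSON.stringify(auditAnchors(sample), null, 2));
```

The fourth sample link shows why attribute values are parsed rather than string-matched: text inside `title` that merely looks like the `rel` attribute does not satisfy the check.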