Audit components and ensure secure links are generated #3258

Closed
jportner opened this issue Apr 6, 2020 · 3 comments
Contributor

jportner commented Apr 6, 2020

Currently, if you use EuiLink to create a link, it implements a security control that uses the href property to calculate the appropriate rel attribute (added in #337). This is needed to ensure that potentially malicious external websites cannot modify the DOM of the source page.

However, other components that support the href property (such as EuiBadge and EuiListGroupItem) do not set the rel attribute. We should audit all of the EUI components to find what gaps exist, and ideally put a linter rule in place to prevent regressions in the future.

@chandlerprall
Contributor

To address, we need to:

  • automate detection of these instances (e.g. eslint rule), use it to audit existing code and prevent regressions
  • fix detected instances
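An added example, not part of the original thread and not EUI's code or the rule that resolved this issue: a sketch of the two pieces discussed above, deriving `rel` from `href`/`target` and auditing components that accept `href`. The policy (require `noopener noreferrer` for `target="_blank"` or cross-origin links), the function names, and the element descriptors are assumptions made for illustration.

```javascript
// Added example. Assumed policy: any link that opens a new browsing context
// (target="_blank") or leaves the page's origin must carry both tokens.
const REQUIRED = ['noopener', 'noreferrer'];

function needsProtection(href, target, pageOrigin) {
  if (target === '_blank') return true;
  try {
    // Relative and protocol-relative hrefs are resolved against the page origin.
    return new URL(href, pageOrigin).origin !== pageOrigin;
  } catch {
    return true; // unparseable href: fail closed
  }
}

// Merge the required tokens into any rel the caller supplied, without duplicates.
function secureRel({ href, target, rel = '' }, pageOrigin) {
  const tokens = new Set(rel.split(/\s+/).filter(Boolean));
  if (href && needsProtection(href, target, pageOrigin)) {
    REQUIRED.forEach((t) => tokens.add(t));
  }
  return [...tokens].join(' ');
}

// Audit pass: report each element with an href whose rel lacks a required token.
function auditLinks(elements, pageOrigin) {
  return elements
    .filter((el) => el.href)
    .map((el) => {
      const have = new Set((el.rel || '').split(/\s+/).filter(Boolean));
      const want = secureRel({ ...el, rel: '' }, pageOrigin).split(' ').filter(Boolean);
      return { component: el.component, href: el.href, missing: want.filter((t) => !have.has(t)) };
    })
    .filter((finding) => finding.missing.length > 0);
}

// Constructed sample: props as they might be passed to each component.
const PAGE_ORIGIN = 'https://app.example.test';
const SAMPLE = [
  { component: 'EuiLink', href: 'https://external.example.test/docs', target: '_blank', rel: 'noopener noreferrer' },
  { component: 'EuiBadge', href: 'https://external.example.test/docs', target: '_blank' },
  { component: 'EuiListGroupItem', href: '/app/home' },
  { component: 'EuiListGroupItem', href: '//cdn.example.test/x', rel: 'noopener' },
];

console.log(auditLinks(SAMPLE, PAGE_ORIGIN));
```

A real lint rule would run the same check over JSX attributes in the AST rather than over plain objects.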

Contributor

Marvin9 commented Apr 7, 2020

@chandlerprall Can I work on it?

@chandlerprall
Contributor

Resolved by #3272
