Closed lpmi-13 closed 4 years ago
conflicts resolved.
I don't think we need noreferrer and noopener for our own event sites? Those are the global appsecs and the virtual appsec days. In fact, we want to know that a person got to our event from our own homepage.
Also, under _includes/evnt-footer.html, the links already have a rel='sponsored' so the tags for noreferrer and noopener should be added to that.
sure, that makes sense. So to confirm, in _includes/banner.html
and _includes/owasp-global-events.html
, I'll remove noreferrer
from the commit?
And I had a question about the rel='sponsored'
links...it looks like there aren't any additional noopener
attributes being added to those, but it could be that I'm looking in the wrong place.
Is https://www.netsparker.com one of the sponsored links you were referring to?
Yes. What I meant was that the rel='sponsored' item was there but the commit had another rel='noreferrer noopener'. It should probably combine those (as you did for others) to rel='sponsored noreferrer noopener'. Thanks for your help!
Thanks @hblankenship good catch!
ha...totally missed that (it's been a long couple of weeks...I'm sure everyone can relate). Yes, absolutely, have committed the suggestions added by @kingthorin (cool feature, that!), and will fix the other links now.
I've been following the OWASP project for a few years now, and have always been wanting to get involved. Never been able to, so jumped at the chance to make a few simple contributions to the new site (looks great, btw!).
Please lemme know if there's anything else that should be updated.
as an aside, "noreferrer" is usually advocated for older browsers (ie, IE 11) that don't support "noopener", so if we don't care about older browsers, I can easily remove the "noreferrer" from this PR.