fix: add rel="noopener noreferrer" to privacy-policy links opened in new tab

Addresses CodeRabbit review on PR #12415. Hardens the three external privacy-policy anchors with target="_blank" to prevent the opened page from accessing window.opener.
2026-05-24 06:35:10 +00:00 · 2026-05-22 07:53:38 +00:00
parent 741be80956
commit defd48b49c
3 changed files with 7 additions and 1 deletions
--- a/apps/desktop-ui/src/components/install/DesktopSettingsConfiguration.vue
+++ b/apps/desktop-ui/src/components/install/DesktopSettingsConfiguration.vue
@@ -108,7 +108,11 @@
        </ul>

        <div class="mt-4">
-          <a href="https://comfy.org/privacy-policy" target="_blank">
+          <a
+            href="https://comfy.org/privacy-policy"
+            target="_blank"
+            rel="noopener noreferrer"
+          >
            {{ $t('install.settings.dataCollectionDialog.viewFullPolicy') }}
          </a>
        </div>
--- a/apps/desktop-ui/src/views/MetricsConsentView.vue
+++ b/apps/desktop-ui/src/views/MetricsConsentView.vue
@@ -15,6 +15,7 @@
          <a
            href="https://comfy.org/privacy-policy"
            target="_blank"
+            rel="noopener noreferrer"
            class="text-blue-400 underline hover:text-blue-300"
          >
            {{ $t('install.privacyPolicy') }} </a
--- a/src/components/dialog/content/SignInContent.vue
+++ b/src/components/dialog/content/SignInContent.vue
@@ -128,6 +128,7 @@
        <a
          href="https://www.comfy.org/privacy-policy"
          target="_blank"
+          rel="noopener noreferrer"
          class="cursor-pointer text-blue-500"
        >
          {{ t('auth.login.privacyLink') }} </a