fix(apps): fix broken referrer policy in Code of Conduct avatar #3755

Merged: josephperrott merged 2 commits into angular:main from josephperrott:fix/sec-referrer-policy-989644ac on Jun 8, 2026

@josephperrott
Member

Addresses vulnerability 989644ac by replacing typographic smart quotes with standard straight quotes in referrerpolicy attributes. Also replaces the CSS background image on the avatar button with an inline element to support the referrerpolicy="no-referrer" attribute, and styles it to maintain visual consistency.

Vulnerability: 989644ac

@josephperrott added the "action: merge" label (The PR is ready for merge by the caretaker) Jun 6, 2026
@josephperrott requested a review from alan-agius4 June 6, 2026 01:41
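
The failure mode named in the PR description above, as an added example that is not part of the PR or the repository: an HTML parser does not treat typographic quotes as attribute delimiters, so a smart-quoted `referrerpolicy` value keeps the quote characters, matches no policy keyword, and the browser falls back to its default policy. The function name, reason labels and sample markup below are constructed for illustration.

```javascript
// Added example: audit template source for referrerpolicy attributes whose
// value a browser would ignore. Not code from the PR; names are hypothetical.
const VALID_POLICIES = new Set([
  '', 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin',
  'strict-origin', 'origin-when-cross-origin',
  'strict-origin-when-cross-origin', 'unsafe-url',
]);

// Left/right single and double typographic quotes.
const TYPOGRAPHIC_QUOTES = /[\u2018\u2019\u201C\u201D]/;

// Captures the value the way an HTML tokenizer delimits it: "double-quoted",
// 'single-quoted', or unquoted (runs until whitespace or '>'). The lookbehind
// skips bindings such as [attr.referrerpolicy] and data-* lookalikes.
const ATTR = /(?<=\s)referrerpolicy\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;

function auditReferrerPolicy(template) {
  const findings = [];
  for (const m of template.matchAll(ATTR)) {
    const value = m[1] ?? m[2] ?? m[3];
    const line = template.slice(0, m.index).split('\n').length;
    if (TYPOGRAPHIC_QUOTES.test(value)) {
      // Smart quotes became part of the value, so no keyword can match.
      findings.push({line, value, reason: 'typographic-quotes'});
    } else if (!VALID_POLICIES.has(value.toLowerCase())) {
      // Misspelled or unsupported keyword: also silently ignored.
      findings.push({line, value, reason: 'unknown-policy'});
    }
  }
  return findings;
}

// Constructed sample markup (not taken from the repository).
const SAMPLE_TEMPLATE = [
  '<img src="a.png" referrerpolicy=\u201Dno-referrer\u201D>',
  '<img src="b.png" referrerpolicy="no-referrer">',
  '<img src="c.png" referrerpolicy="no-referer">',
].join('\n');

for (const f of auditReferrerPolicy(SAMPLE_TEMPLATE)) {
  console.log(`line ${f.line}: ${f.reason}: ${f.value}`);
}
```
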

@gemini-code-assist (Bot) left a comment

Code Review

This pull request refactors the user profile button to use an inline image instead of a background image, and adds path validation checks to prevent path traversal in the API golden tool. The review feedback suggests improving accessibility by replacing the literal 'avatarUrl' alt text with a descriptive label, and refining the path traversal checks using regular expressions to avoid false positives with filenames that start with double dots.

Comment thread apps/code-of-conduct/app/account/account.component.html Outdated
Comment thread apps/code-of-conduct/app/account/account.component.html Outdated
Comment thread bazel/api-golden/find_entry_points.ts Outdated
Comment thread bazel/api-golden/find_entry_points.ts Outdated
Comment thread bazel/api-golden/index_npm_packages.cts Outdated
@josephperrott force-pushed the fix/sec-referrer-policy-989644ac branch from 48a5873 to 87e1143 June 6, 2026 01:43
@josephperrott force-pushed the fix/sec-referrer-policy-989644ac branch from 87e1143 to bd854e7 June 6, 2026 14:30
@josephperrott merged commit bd369e8 into angular:main Jun 8, 2026
16 checks passed
@josephperrott
Member Author

This PR was merged into the repository. The changes were merged into the following branches:
