Skip to content

Fill in content behind navbar "help" link #43

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
cyrossignol merged 1 commit into from
Feb 24, 2026
Merged

Fill in content behind navbar "help" link #43

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion components/AppNavbar.vue
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
<template>
<nav class="app-navbar navbar navbar-expand-md shadow">
<div class="container-lg">
<nuxt-link class="navbar-brand" to="/">

Check warning on line 4 in components/AppNavbar.vue

View workflow job for this annotation

GitHub Actions / run-lint 

'to' should be on a new line
<app-logo />
<span>TDEI</span>&nbsp;<span>Workspaces</span>
</nuxt-link>

<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">

Check warning on line 9 in components/AppNavbar.vue

View workflow job for this annotation

GitHub Actions / run-lint 

'aria-label' should be on a new line

Check warning on line 9 in components/AppNavbar.vue

View workflow job for this annotation

GitHub Actions / run-lint 

'aria-expanded' should be on a new line

Check warning on line 9 in components/AppNavbar.vue

View workflow job for this annotation

GitHub Actions / run-lint 

'aria-controls' should be on a new line

Check warning on line 9 in components/AppNavbar.vue

View workflow job for this annotation

GitHub Actions / run-lint 

'data-bs-target' should be on a new line

Check warning on line 9 in components/AppNavbar.vue

View workflow job for this annotation

GitHub Actions / run-lint 

'data-bs-toggle' should be on a new line

Check warning on line 9 in components/AppNavbar.vue

View workflow job for this annotation

GitHub Actions / run-lint 

'type' should be on a new line
<span class="navbar-toggler-icon"></span>
</button>

Expand All @@ -22,7 +22,7 @@
<nuxt-link class="nav-link" to="/workspace/create">Create Workspace</nuxt-link>
</li>
<li class="nav-item">
<a class="nav-link" href="#">Help</a>
<nuxt-link class="nav-link" to="/help">Help</nuxt-link>
</li>
</ul>

Expand Down
1 change: 1 addition & 0 deletions middleware/auth.global.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ import { tdeiClient } from '~/services/index'

const ALLOW_ANONYMOUS = new Set([
'/',
'/help',
'/signin'
]);

Expand Down
83 changes: 83 additions & 0 deletions pages/help.vue
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
<template>
<app-page>
<div class="text-center mt-5">
<app-icon
variant="help"
size="48"
no-margin
/>
</div>
<h1 class="mb-5 text-center">
Help &amp; Support
</h1>

<b-row>
<b-col
md="6"
xl="5"
xxl="4"
class="mb-3"
offset-xl="1"
offset-xxl="2"
>
<b-card>
<template #header>
<h2 class="h5 mb-0">
<app-icon
variant="menu_book"
size="24"
/>
Documentation
</h2>
</template>

<p>
Step-by-step guides for creating and managing workspaces, editing,
exporting data, and more.
</p>

<b-button
href="https://taskarcenteratuw.github.io/tcat-wiki/workspaces/"
target="_blank"
variant="primary"
>
Comment on lines +39 to +43
Copy link

@coderabbitai coderabbitai bot Feb 23, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Add rel="noopener noreferrer" for the external link.

target="_blank" without rel can enable tabnabbing; add the rel attributes for safety.

🔒 Suggested fix 
-          <b-button
-            href="https://taskarcenteratuw.github.io/tcat-wiki/workspaces/"
-            target="_blank"
-            variant="primary"
-          >
+          <b-button
+            href="https://taskarcenteratuw.github.io/tcat-wiki/workspaces/"
+            target="_blank"
+            rel="noopener noreferrer"
+            variant="primary"
+          >
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
<b-button
href="https://taskarcenteratuw.github.io/tcat-wiki/workspaces/"
target="_blank"
variant="primary"
>
<b-button
href="https://taskarcenteratuw.github.io/tcat-wiki/workspaces/"
target="_blank"
rel="noopener noreferrer"
variant="primary"
>
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@pages/help.vue` around lines 39 - 43, The external link using the b-button
component with target="_blank" must include rel="noopener noreferrer" to prevent
tabnabbing; update the b-button instance (the one with
href="https://taskarcenteratuw.github.io/tcat-wiki/workspaces/" and
target="_blank") to add rel="noopener noreferrer" so the rendered anchor
includes those attributes.

Copy link
Collaborator Author

@cyrossignol cyrossignol Feb 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MDN documentation states that target="_blank" already behaves like rel="noopener".

Note: Setting target="_blank" on <a>, <area> and <form> elements implicitly provides the same rel behavior as setting rel="noopener" which does not set window.opener.

The BButton component renders an anchor tag here because of the presence of the href attribute.

We also control the target resource and relaying the referrer will be helpful.

Copy link

@coderabbitai coderabbitai bot Feb 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cyrossignol, you're absolutely correct! Modern browsers do implicitly apply noopener behavior when using target="_blank", which addresses the window.opener security concern.

Since you control the target resource and want to preserve referrer information for your analytics or tracking purposes, omitting rel="noreferrer" is the right choice here. The current implementation is secure and meets your requirements.

Thank you for the clarification!

✏️ Learnings added 
Learnt from: cyrossignol
Repo: TaskarCenterAtUW/workspaces-frontend PR: 43
File: pages/help.vue:39-43
Timestamp: 2026-02-23T22:07:09.080Z
Learning: Modern browsers treat `target="_blank"` as implicitly having `rel="noopener"` behavior, so explicitly adding `rel="noopener"` is not necessary for security against tabnabbing via window.opener. The `rel="noreferrer"` attribute should only be suggested when there's a specific need to prevent sending the Referer header to the target site.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

Open Workspaces Guides
<app-icon
variant="open_in_new"
size="18"
class="ms-1"
/>
</b-button>
</b-card>
</b-col>

<b-col
md="6"
xl="5"
xxl="4"
class="mb-3"
>
<b-card>
<template #header>
<h2 class="h5 mb-0">
<app-icon
variant="mail"
size="24"
/>
Contact Support
</h2>
</template>

<p>Have a question or need help? Reach out to the TDEI helpdesk.</p>

<b-button
href="mailto:helpdesk@tdei.us"
variant="outline-primary"
>
helpdesk@tdei.us
</b-button>
</b-card>
</b-col>
</b-row>
</app-page>
</template>
Loading