admin/dify
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix: frontend security risk (#2355)

Browse Source
This commit is contained in:
Joel
2024-02-02 15:24:17 +08:00
committed by GitHub
parent a8f23ed712
commit a667d04e53
32 changed files with 59 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
web/app/components/header/account-about/index.tsx
View File

@@ -47,10 +47,10 @@ export default function AccountAbout({
<div className='text-[#1C64F2]'>
{
IS_CE_EDITION
? <Link href={'https://github.com/langgenius/dify/blob/main/LICENSE'} target='_blank'>Open Source License</Link>
? <Link href={'https://github.com/langgenius/dify/blob/main/LICENSE'} target='_blank' rel='noopener noreferrer'>Open Source License</Link>
: <>
<Link href={language !== LanguagesSupportedUnderscore[1] ? 'https://docs.dify.ai/user-agreement/privacy-policy' : 'https://docs.dify.ai/v/zh-hans/user-agreement/privacy-policy'} target='_blank'>Privacy Policy</Link>,
<Link href={language !== LanguagesSupportedUnderscore[1] ? 'https://docs.dify.ai/user-agreement/terms-of-service' : 'https://docs.dify.ai/v/zh-hans/user-agreement/terms-of-service'} target='_blank'>Terms of Service</Link>
<Link href={language !== LanguagesSupportedUnderscore[1] ? 'https://docs.dify.ai/user-agreement/privacy-policy' : 'https://docs.dify.ai/v/zh-hans/user-agreement/privacy-policy'} target='_blank' rel='noopener noreferrer'>Privacy Policy</Link>,
<Link href={language !== LanguagesSupportedUnderscore[1] ? 'https://docs.dify.ai/user-agreement/terms-of-service' : 'https://docs.dify.ai/v/zh-hans/user-agreement/terms-of-service'} target='_blank' rel='noopener noreferrer'>Terms of Service</Link>
</>
}
</div>
@@ -69,7 +69,7 @@ export default function AccountAbout({
<Link
className={classNames(buttonClassName, 'mr-2')}
href={'https://github.com/langgenius/dify/releases'}
target='_blank'
target='_blank' rel='noopener noreferrer'
>
{t('common.about.changeLog')}
</Link>
@@ -78,7 +78,7 @@ export default function AccountAbout({
<Link
className={classNames(buttonClassName, 'text-primary-600')}
href={langeniusVersionInfo.release_notes}
target='_blank'
target='_blank' rel='noopener noreferrer'
>
{t('common.about.updateNow')}
</Link>

8
web/app/components/header/account-dropdown/index.tsx
View File

@@ -62,7 +62,7 @@ export default function AppSelector({ isMobile }: IAppSelecotr) {
<Avatar name={userProfile.name} className='sm:mr-2 mr-0' size={32} />
{!isMobile && <>
{userProfile.name}
<ChevronDown className="w-3 h-3 ml-1 text-gray-700"/>
<ChevronDown className="w-3 h-3 ml-1 text-gray-700" />
</>}
</Menu.Button>
</div>
@@ -105,7 +105,7 @@ export default function AppSelector({ isMobile }: IAppSelecotr) {
<Link
className={classNames(itemClassName, 'group justify-between')}
href='https://feedback.dify.ai/'
target='_blank'>
target='_blank' rel='noopener noreferrer'>
<div>{t('common.userProfile.roadmapAndFeedback')}</div>
<ArrowUpRight className='hidden w-[14px] h-[14px] text-gray-500 group-hover:flex' />
</Link>
@@ -114,7 +114,7 @@ export default function AppSelector({ isMobile }: IAppSelecotr) {
<Link
className={classNames(itemClassName, 'group justify-between')}
href='https://discord.gg/5AEfbxcd9k'
target='_blank'>
target='_blank' rel='noopener noreferrer'>
<div>{t('common.userProfile.community')}</div>
<ArrowUpRight className='hidden w-[14px] h-[14px] text-gray-500 group-hover:flex' />
</Link>
@@ -125,7 +125,7 @@ export default function AppSelector({ isMobile }: IAppSelecotr) {
href={
language !== LanguagesSupportedUnderscore[1] ? 'https://docs.dify.ai/' : `https://docs.dify.ai/v/${locale.toLowerCase()}/`
}
target='_blank'>
target='_blank' rel='noopener noreferrer'>
<div>{t('common.userProfile.helpCenter')}</div>
<ArrowUpRight className='hidden w-[14px] h-[14px] text-gray-500 group-hover:flex' />
</Link>

2
web/app/components/header/account-setting/api-based-extension-page/empty.tsx
View File

@@ -14,7 +14,7 @@ const Empty = () => {
<a
className='flex items-center mb-2 h-[18px] text-xs text-primary-600'
href={t('common.apiBasedExtension.linkUrl') || '/'}
target='_blank'
target='_blank' rel='noopener noreferrer'
>
<BookOpen01 className='mr-1 w-3 h-3' />
{t('common.apiBasedExtension.link')}

4
web/app/components/header/account-setting/api-based-extension-page/modal.tsx
View File

@@ -74,7 +74,7 @@ const ApiBasedExtensionModal: FC<ApiBasedExtensionModalProps> = ({
return (
<Modal
isShow
onClose={() => {}}
onClose={() => { }}
wrapperClassName='!z-[103]'
className='!p-8 !pb-6 !max-w-none !w-[640px]'
>
@@ -101,7 +101,7 @@ const ApiBasedExtensionModal: FC<ApiBasedExtensionModalProps> = ({
{t('common.apiBasedExtension.modal.apiEndpoint.title')}
<a
href={t('common.apiBasedExtension.linkUrl') || '/'}
target='_blank'
target='_blank' rel='noopener noreferrer'
className='group flex items-center text-xs text-gray-500 font-normal hover:text-primary-600'
>
<BookOpen01 className='mr-1 w-3 h-3 text-gray-500 group-hover:text-primary-600' />

2
web/app/components/header/account-setting/model-provider-page/model-modal/index.tsx
View File

@@ -247,7 +247,7 @@ const ModelModal: FC<ModelModalProps> = ({
? (
<a
href={provider.help?.url[language]}
target='_blank'
target='_blank' rel='noopener noreferrer'
className='inline-flex items-center text-xs text-primary-600'
onClick={e => !provider.help.url && e.preventDefault()}
>

2
web/app/components/header/github-star/index.tsx
View File

@@ -36,7 +36,7 @@ const GithubStar = () => {
return (
<a
href='https://github.com/langgenius/dify'
target='_blank'
target='_blank' rel='noopener noreferrer'
className='flex items-center leading-[18px] border border-gray-200 rounded-md text-xs text-gray-700 font-semibold overflow-hidden'>
<div className='flex items-center px-2 py-1 bg-gray-100'>
<Github className='mr-1 w-[18px] h-[18px]' />