github/deer-flow
1
0
Fork 0
mirror of https://github.com/bytedance/deer-flow.git synced 2026-04-25 11:18:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(frontend): resolve invalid HTML nesting and tabnabbing vulnerabilities (#1904)

Browse Source 
* fix(frontend): resolve invalid HTML nesting and tabnabbing vulnerabilities

Fix `<button>` inside `<a>` invalid HTML in artifact components and add
missing `noopener,noreferrer` to `window.open` calls to prevent reverse
tabnabbing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(frontend): address Copilot review on tabnabbing and double-tab-open

Remove redundant parent onClick on web_fetch ChainOfThoughtStep to
prevent opening two tabs on link click, and explicitly null out
window.opener after window.open() for defensive tabnabbing hardening.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
yangzheli 2026-04-07 09:44:17 +08:00 committed by GitHub
parent 2d068cc075
commit 3acdf79beb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 45 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
frontend/src/components/workspace/artifacts/artifact-file-detail.tsx
View File

@ -188,17 +188,19 @@ export function ArtifactFileDetail({
</Tooltip> </Tooltip>
)} )}
{!isWriteFile && ( {!isWriteFile && (
<a
href={urlOfArtifact({ filepath, threadId })}
target="_blank"
rel="noopener noreferrer"
>
<ArtifactAction <ArtifactAction
icon={SquareArrowOutUpRightIcon} icon={SquareArrowOutUpRightIcon}
label={t.common.openInNewWindow} label={t.common.openInNewWindow}
tooltip={t.common.openInNewWindow} tooltip={t.common.openInNewWindow}
onClick={() => {
const w = window.open(
urlOfArtifact({ filepath, threadId }),
"_blank",
"noopener,noreferrer",
);
if (w) w.opener = null;
}}
/> />
</a>
)} )}
{isCodeFile && ( {isCodeFile && (
<ArtifactAction <ArtifactAction
@ -218,17 +220,19 @@ export function ArtifactFileDetail({
/> />
)} )}
{!isWriteFile && ( {!isWriteFile && (
<a
href={urlOfArtifact({ filepath, threadId, download: true })}
target="_blank"
rel="noopener noreferrer"
>
<ArtifactAction <ArtifactAction
icon={DownloadIcon} icon={DownloadIcon}
label={t.common.download} label={t.common.download}
tooltip={t.common.download} tooltip={t.common.download}
onClick={() => {
const w = window.open(
urlOfArtifact({ filepath, threadId, download: true }),
"_blank",
"noopener,noreferrer",
);
if (w) w.opener = null;
}}
/> />
</a>
)} )}
<ArtifactAction <ArtifactAction
icon={XIcon} icon={XIcon}

4
frontend/src/components/workspace/artifacts/artifact-file-list.tsx
View File

@ -104,6 +104,7 @@ export function ArtifactFileList({
{t.common.install} {t.common.install}
</Button> </Button>
)} )}
<Button variant="ghost" asChild>
<a <a
href={urlOfArtifact({ href={urlOfArtifact({
filepath: file, filepath: file,
@ -114,11 +115,10 @@ export function ArtifactFileList({
rel="noopener noreferrer" rel="noopener noreferrer"
onClick={(e) => e.stopPropagation()} onClick={(e) => e.stopPropagation()}
> >
<Button variant="ghost">
<DownloadIcon className="size-4" /> <DownloadIcon className="size-4" />
{t.common.download} {t.common.download}
</Button>
</a> </a>
</Button>
</CardAction> </CardAction>
</CardHeader> </CardHeader>
</Card> </Card>

11
frontend/src/components/workspace/messages/message-group.tsx
View File

@ -280,16 +280,17 @@ function ToolCall({
return ( return (
<ChainOfThoughtStep <ChainOfThoughtStep
key={id} key={id}
className="cursor-pointer"
label={t.toolCalls.viewWebPage} label={t.toolCalls.viewWebPage}
icon={GlobeIcon} icon={GlobeIcon}
onClick={() => {
window.open(url, "_blank");
}}
> >
<ChainOfThoughtSearchResult> <ChainOfThoughtSearchResult>
{url && ( {url && (
<a href={url} target="_blank" rel="noopener noreferrer"> <a
href={url}
target="_blank"
rel="noopener noreferrer"
className="cursor-pointer"
>
{title} {title}
</a> </a>
)} )}