Add rel=nofollow to external facing links on website #5219
Open
muratclk wants to merge 1 commit into google:master from
Add rel="nofollow" to external-facing links to discourage search engine crawlers from promoting potentially malicious pages linked from vulnerability references.

Changes:
- vulnerability.html: Add nofollow to all data-driven links (source links, references, CVSS calculators, commit links, package links, credit contacts)
- home.html: Add nofollow to third-party repository links
- linter/index.html: Add nofollow to external tool link
- blog: Add Hugo render hook to automatically apply nofollow to external links in blog post content

Trusted domains (deps.dev, google.github.io, ossf.github.io, github.com/google/*, security.googleblog.com, osv.dev) are allowlisted and do not receive nofollow.

Fixes google#4644
Summary

Adds rel="nofollow" to external-facing links on the OSV website to discourage search engine crawlers from promoting potentially malicious pages linked from vulnerability references.

Fixes #4644

Changes

Templates (gcp/website/frontend3/src/templates/)
- nofollow to all data-driven links:
  - human_source_link, source_link)
  - reference.url)
  - package_in_ecosystem)
- nofollow to third-party data source repository links (GitHub Advisory Database, PyPA, RustSec, Cloud Security Alliance)
- nofollow to external OSV-Linter tool link

Blog (gcp/website/blog/)
- layouts/_default/_markup/render-link.html) that automatically applies nofollow to external links in blog post markdown content

Trusted Domain Allowlist

The following domains are considered trusted and do not receive nofollow:
- google.github.io (OSV docs, scanner docs)
- ossf.github.io (OSV schema specification)
- deps.dev (open source insights)
- security.googleblog.com
- github.com/google/* (Google repositories)
- osv.dev / api.osv.dev

Test Plan
- rel="nofollow noopener noreferrer" on reference URLs and source links
- nofollow
- nofollow
- nofollow
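The allowlist decision this PR describes, sketched in Python as an added example (not code from the PR or the OSV repository). The host list and the rel value are taken from the description above; `is_trusted` and `rel_value` are hypothetical names, and the handling of relative links is an assumption.

```python
import posixpath
from urllib.parse import urlsplit

# Hosts from the PR's trusted list; compared exactly, never by substring.
TRUSTED_HOSTS = {
    "google.github.io", "ossf.github.io", "deps.dev",
    "security.googleblog.com", "osv.dev", "api.osv.dev",
}
# github.com is trusted only below the google/ organisation.
TRUSTED_PATH_PREFIXES = {"github.com": ("/google/",)}


def is_trusted(url):
    """Return True if url is a same-site relative link or an allowlisted target."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False  # unparseable input is never trusted
    if not parts.scheme and not parts.netloc:
        # Relative link (assumed same-site). Browsers read "\\host" as
        # "//host", so anything containing a backslash is not trusted.
        return "\\" not in url
    if parts.scheme not in ("http", "https"):
        return False  # covers protocol-relative "//host/..." and mailto:
    # .hostname lowercases and drops userinfo and port, so
    # "https://osv.dev@other.example/" resolves to other.example.
    host = (parts.hostname or "").rstrip(".")
    if host in TRUSTED_HOSTS:
        return True
    if "%2e" in parts.path.lower():
        return False  # encoded dot segments: do not attempt to trust
    # Collapse dot segments so /google/../x does not pass the prefix check.
    path = posixpath.normpath(parts.path) + "/"
    return any(path.startswith(p) for p in TRUSTED_PATH_PREFIXES.get(host, ()))


def rel_value(url):
    """rel attribute value for a rendered link ("" means no rel needed)."""
    return "" if is_trusted(url) else "nofollow noopener noreferrer"
```
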