Skip to content

Address security vulnerability when images are opened in a new tab#8318

Merged
akhenry merged 6 commits into
masterfrom
fix-iimagery-vulnerability
May 18, 2026
Merged

Address security vulnerability when images are opened in a new tab#8318
akhenry merged 6 commits into
masterfrom
fix-iimagery-vulnerability

Conversation

@shefalijoshi

@shefalijoshi shefalijoshi commented May 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Closes #8319

Describe your changes:

Check that image urls are secure.
Prevent tabnabbing.
Add e2e test

All Submissions:

  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?
  • Is this a notable change that will require a special callout in the release notes? For example, will this break compatibility with existing APIs or projects that consume these plugins?

Author Checklist

  • Changes address original issue?
  • Tests included and/or updated with changes?
  • Has this been smoke tested?
  • Have you associated this PR with a type: label? Note: this is not necessarily the same as the original issue.
  • Have you associated a milestone with this PR? Note: leave blank if unsure.
  • Testing instructions included in associated issue OR is this a dependency/testcase change?

Reviewer Checklist

  • Changes appear to address issue?
  • Reviewer has tested changes by following the provided instructions?
  • Changes appear not to be breaking changes?
  • Appropriate automated tests included?
  • Code style and in-line documentation are appropriate?

@shefalijoshi shefalijoshi added type:enhancement type:maintenance tests, chores, or project maintenance and removed type:enhancement labels May 8, 2026
@codecov

codecov Bot commented May 8, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 68.75000% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 57.16%. Comparing base (3aaa0f0) to head (758a144).

Files with missing lines Patch % Lines
...plugins/imagery/actions/OpenImageInNewTabAction.js 68.75% 5 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #8318   +/-   ##
=======================================
  Coverage   57.15%   57.16%           
=======================================
  Files         728      728           
  Lines       29703    29717   +14     
  Branches     2811     2811           
=======================================
+ Hits        16978    16987    +9     
- Misses      12385    12390    +5     
  Partials      340      340
Flag Coverage Δ
e2e-ci 64.44% <68.75%> (+0.01%) ⬆️
e2e-full 39.39% <0.00%> (-0.05%) ⬇️
unit 46.34% <0.00%> (-0.03%) ⬇️
Files with missing lines Coverage Δ
...plugins/imagery/actions/OpenImageInNewTabAction.js 81.48% <68.75%> (-18.52%) ⬇️

... and 2 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3aaa0f0...758a144. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@shefalijoshi shefalijoshi requested a review from akhenry May 8, 2026 13:19
@shefalijoshi shefalijoshi added this to the Next milestone May 8, 2026
@shefalijoshi shefalijoshi requested a review from jvigliotta May 12, 2026 18:09
akhenry
akhenry requested changes May 13, 2026
View reviewed changes
Comment thread src/plugins/imagery/actions/OpenImageInNewTabAction.js Outdated
@shefalijoshi shefalijoshi requested a review from akhenry May 18, 2026 15:40
@akhenry akhenry merged commit 62cdc2c into master May 18, 2026
22 of 23 checks passed
@akhenry akhenry deleted the fix-iimagery-vulnerability branch May 18, 2026 16:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@akhenry akhenry akhenry approved these changes
@jvigliotta jvigliotta Awaiting requested review from jvigliotta

Assignees

No one assigned

Labels

type:maintenance tests, chores, or project maintenance

Projects

None yet

Milestone

Next

Development

Successfully merging this pull request may close these issues.

Imagery - open in new tab has security vulnerabilities

2 participants

@shefalijoshi @akhenry