From d584cf373fbb74070d8312da53209653f4b6969b Mon Sep 17 00:00:00 2001
From: Hong Teoh <liangtl@amazon.com>
Date: Wed, 5 Jun 2024 16:15:44 +0000
Subject: [PATCH] [FLINK-35532][Runtime/Web Frontend] Prevent Cross-Site
 Authentication (XSA) attacks on Flink dashboard

---
 .../profiler/job-manager-profiler.component.html            | 6 +++++-
 .../profiler/task-manager-profiler.component.html           | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/flink-runtime-web/web-dashboard/src/app/pages/job-manager/profiler/job-manager-profiler.component.html b/flink-runtime-web/web-dashboard/src/app/pages/job-manager/profiler/job-manager-profiler.component.html
index 16429b41fe08a..5df8c46a7d2bf 100644
--- a/flink-runtime-web/web-dashboard/src/app/pages/job-manager/profiler/job-manager-profiler.component.html
+++ b/flink-runtime-web/web-dashboard/src/app/pages/job-manager/profiler/job-manager-profiler.component.html
@@ -107,7 +107,11 @@
           <ng-template #titleTemplate>
             <span>
               Please refer to
-              <a href="https://github.com/async-profiler/async-profiler/wiki">
+              <a
+                href="https://github.com/async-profiler/async-profiler/wiki"
+                target="_blank"
+                rel="noopener noreferrer"
+              >
                 async-profiler's wiki
               </a>
               for more detailed info of this feature.
diff --git a/flink-runtime-web/web-dashboard/src/app/pages/task-manager/profiler/task-manager-profiler.component.html b/flink-runtime-web/web-dashboard/src/app/pages/task-manager/profiler/task-manager-profiler.component.html
index 405f28110e796..e9cef22b49c91 100644
--- a/flink-runtime-web/web-dashboard/src/app/pages/task-manager/profiler/task-manager-profiler.component.html
+++ b/flink-runtime-web/web-dashboard/src/app/pages/task-manager/profiler/task-manager-profiler.component.html
@@ -107,7 +107,11 @@
           <ng-template #titleTemplate>
             <span>
               Please refer to
-              <a href="https://github.com/async-profiler/async-profiler/wiki">
+              <a
+                href="https://github.com/async-profiler/async-profiler/wiki"
+                target="_blank"
+                rel="noopener noreferrer"
+              >
                 async-profiler's wiki
               </a>
               for more detailed info of this feature.