fix(web): potentially unsafe external links (#1027)

* fix(web): potentially unsafe external links

* for good measure

* add noopener as well

web/src/screens/Base.tsx

@@ -207,7 +207,7 @@ export const Base = () => {
               </div>
 
               {data && data.html_url && (
-                <a href={data.html_url} target="_blank">
+                <a href={data.html_url} target="_blank" rel="noopener noreferrer">
                   <div className="flex mt-4 py-2 bg-blue-500 rounded justify-center">
                     <MegaphoneIcon className="h-6 w-6 text-blue-100"/>
                     <span className="text-blue-100 font-medium mx-3">New update available!</span>

web/src/screens/settings/Application.tsx

@@ -64,7 +64,7 @@ const RowItemVersion = ({ label, value, title, newUpdate }: RowItemProps) => {
         <span className="px-1 py-0.5 bg-gray-200 dark:bg-gray-700 rounded shadow">{value}</span>
         {newUpdate && newUpdate.html_url && (
           <span>
-            <a href={newUpdate.html_url} target="_blank"><span className="ml-2 inline-flex items-center rounded-md bg-green-100 px-2.5 py-0.5 text-sm font-medium text-green-800">{newUpdate.name} available!</span></a>
+            <a href={newUpdate.html_url} target="_blank" rel="noopener noreferrer"><span className="ml-2 inline-flex items-center rounded-md bg-green-100 px-2.5 py-0.5 text-sm font-medium text-green-800">{newUpdate.name} available!</span></a>
           </span>
         )}
       </dd>

web/src/screens/settings/Feed.tsx

@@ -322,6 +322,7 @@ const FeedItemDropdown = ({
               <a
                 href={`${baseUrl()}api/feeds/${feed.id}/latest`}
                 target="_blank"
+                rel="noopener noreferrer"
                 className={classNames(
                   active ? "bg-blue-600 text-white" : "text-gray-900 dark:text-gray-300",
                   "font-medium group flex rounded-md items-center w-full px-2 py-2 text-sm"