My Portfolio (created in codepen)

Code Feedback
1

My Portfolio

Hey everyone :slightly_smiling_face:
I just completed my Portfolio Project after a baffling amount of work. I am new to CSS, Bootstrap and JQuery so it involved a lot of research and learning which seemed very tedious at first but I ended up falling in love with it.
Iā€™ve observed the community here in silence so far and it is so welcoming and helpful.
This is my first post as well and Iā€™m requesting everyone who reads this to take a moment and critique my pen.
The coding is a little messed up. I apologize in advance for that and Iā€™m not sure if the overall look is pleasing or not so I would be eternally grateful for any feedback.

Thanks
xxx

2

Hi @romalina,
HTML inspector:

  • error: the <title> element cannot be a child of the <body> element:
<body> <!-- here -->

  <title> Shriti Chandra - Personal Portfolio
  </title>

...
</head> <!--- here -->
----
  • Target blank vulnerability
<a data-toggle="tooltip" title="GitHub" data-placement="top" href="https://github.com/Romalina" target="_blank">

MDN documentation:

<a>: The Anchor element - HTML: HyperText Markup Language | MDN

Note: When using target, consider adding rel=ā€œnoopener noreferrerā€
to avoid exploitation of the window.opener API.

About rel=noopener

TL;DR If window.opener is set, a page can trigger a navigation in the opener regardless of security origin.

Target="_blank" - the most underestimated vulnerability ever

People using target=ā€˜_blankā€™ links usually have no idea about this curious fact:
The page weā€™re linking to gains partial access to the linking page via the window.opener object.
The newly opened tab can, say, change the window.opener.location to some phishing page. Or execute some JavaScript on the opener-page on your behalfā€¦ Users trust the page that is already opened, they wonā€™t get suspicious.

How to fix
Add this to your outgoing links.

rel="noopener"

Update: FF does not support ā€œnoopenerā€ so add this.

rel="noopener noreferrer"

Remember, that every time you open a new window via window.open(); youā€™re also ā€œvulnerableā€ to this, so always reset the ā€œopenerā€ property

var newWnd = window.open();
newWnd.opener = null;

Cheers and happy coding :slight_smile:

1 Like
3

@Diego_Perez Thank you for your help :grinning:
I didnā€™t know all that. Iā€™ll fix it right away.

1 Like