My Tribute Page - What do you think about it?

My Tribute Page - What do you think about it?
0

#1

Hi this is my first project for the FCC! I try to use everything i learned and even more (except for the JQuery).
What do you think about it?
P.D: I’m not so good choosing colors or design templates i think.
P.D2: I’m not an English speaker so if you see something written wrong tell me :grin:

Luis Zambrano Tribute Page


#2

Hi @JScars,

CSS inspector:

  • Line 20, duplicated padding-left:
#titulo-div h1 {
 ...  
  padding-left: 1em;
  font-size: 2em;
  padding: 0;
  padding-left: 0.3em;
}


HTML:

Is better not use the style attribute:

<img style="margin-top:10px; padding-right:20px; float:left" src="http://www.rinconartesanal.com/images/luis-zambrano3.jpg" class="img-responsive" alt="Luis Zambrano Photo" title="Luis Zambrano">

Because, you have multiple styles sources (That’s make the page more difficult to review.):

  • The CSS tab
  • Every element on the html with the style attribute

MDN documentation:
https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/style

The style global attribute contains CSS styling declarations to be applied to the element. Note that it is recommended for styles to be defined in a separate file or files. This attribute and the <style> element have mainly the purpose of allowing for quick styling, for example for testing purposes.


  • Target blank vulnerability
<a href="https://forum.freecodecamp.org/u/JScars" target="blank">JavScars</a> 

MDN documentation:

https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a

Note: When using target, consider adding rel="noopener noreferrer"
to avoid exploitation of the window.opener API.

https://mathiasbynens.github.io/rel-noopener/

TL;DR If window.opener is set, a page can trigger a navigation in the opener regardless of security origin.

https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/

People using target=’_blank’ links usually have no idea about this curious fact:
The page we’re linking to gains partial access to the linking page via the window.opener object.
The newly opened tab can, say, change the window.opener.location to some phishing page. Or execute some JavaScript on the opener-page on your behalf… Users trust the page that is already opened, they won’t get suspicious.

How to fix
Add this to your outgoing links.

rel="noopener"

Update: FF does not support “noopener” so add this.

rel="noopener noreferrer"

Remember, that every time you open a new window via window.open(); you’re also “vulnerable” to this, so always reset the “opener” property

var newWnd = window.open();
newWnd.opener = null;


Cheers and happy coding :slight_smile:


#3

I know i need to clean the style haha i’ll do it…
i do the target blank because the video said so :confused: but i’ll fix it too


#4

Woah i didn’t have idea of that security vulnerability :hushed:!
I fixed everything, i think