fix(web): add noopener and noreferrer to external source links #771

Open
Sahilshrma31 wants to merge 1 commit into nodejs:main from Sahilshrma31:fix/jsx-ast-noopener-source-links
Conversation

@Sahilshrma31
Description

Adds rel="noopener noreferrer" to source-code links generated by the web docs pipeline when links open in a new tab (target="_blank").

The source link rendering in jsx-ast currently opens external GitHub links in a new tab but does not set a rel attribute. This change hardens link behavior by preventing opener access and aligning with standard security best practices for external links.

Validation

I validated this by generating docs and inspecting rendered source-code links in the output HTML.

Before

Generated source links had:

target="_blank"
no rel attribute

After

Generated source links now have:

target="_blank"
rel="noopener noreferrer"

This preserves existing behavior (open in new tab) while adding safer link semantics.

Related Issues

N/A

Check List

  • I have read the Contributing Guidelines and made commit messages that follow the guideline.
  • I have run node --run test and all tests passed.
  • I have checked code formatting with node --run format & node --run lint.
  • I've covered new added functionality with unit tests if necessary.
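
An added example, not part of the original PR or the project's code: a small Node.js check over rendered HTML that reports `target="_blank"` anchors lacking `noopener`/`noreferrer` in `rel`, the property the validation above inspected by hand. The function names and the sample HTML are constructed for illustration, and the regex-based tag scan assumes attribute values contain no `>`.

```javascript
// Audit rendered HTML for new-tab links that leave window.opener reachable.
// SAMPLE_HTML is constructed; it is not output of the real docs pipeline.
const SAMPLE_HTML = `
<a href="https://github.com/example/repo/blob/main/lib/a.js" target="_blank">lib/a.js</a>
<a href="https://github.com/example/repo/blob/main/lib/b.js" target="_blank" rel="noopener noreferrer">lib/b.js</a>
<a href="/docs/api.html">same-tab link</a>
<a href="https://example.com/c" target=_blank rel="nofollow">c</a>
`;

const ANCHOR_RE = /<a(\s[^>]*)?>/gi;
const ATTR_RE = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Parse the attribute text of one start tag into a lowercase-keyed map.
function parseAttrs(raw) {
  const attrs = {};
  for (const m of raw.matchAll(ATTR_RE)) {
    const name = m[1].toLowerCase();
    // HTML keeps the first occurrence of a duplicated attribute.
    if (!(name in attrs)) attrs[name] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Return every target="_blank" anchor whose rel has neither noopener nor noreferrer.
function findUnsafeBlankLinks(html) {
  const findings = [];
  for (const m of html.matchAll(ANCHOR_RE)) {
    const attrs = parseAttrs(m[1] ?? '');
    if ((attrs.target ?? '').toLowerCase() !== '_blank') continue;
    const rel = new Set(
      (attrs.rel ?? '').toLowerCase().split(/\s+/).filter(Boolean)
    );
    // noreferrer implies noopener per the HTML spec, so either keyword suffices.
    if (!rel.has('noopener') && !rel.has('noreferrer')) {
      findings.push({ href: attrs.href ?? null, rel: attrs.rel ?? null });
    }
  }
  return findings;
}

for (const f of findUnsafeBlankLinks(SAMPLE_HTML)) {
  console.log(`missing noopener: ${f.href} (rel=${JSON.stringify(f.rel)})`);
}
```

Run against the generated docs directory in CI, a non-empty result can fail the build so the attribute is not dropped by a later refactor.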

@Sahilshrma31 Sahilshrma31 requested a review from a team as a code owner April 15, 2026 14:27
@cursor
cursor bot commented Apr 15, 2026

PR Summary

Low Risk
Low risk, single-attribute change to generated external links; main impact is link behavior/security hardening with minimal chance of regressions.

Overview
Adds rel="noopener noreferrer" to the GitHub source code links generated by createSourceLink in buildContent.mjs when opening in a new tab (target="_blank"), preventing window.opener access and aligning with external-link security best practices.

Reviewed by Cursor Bugbot for commit 15b232b. Bugbot is set up for automated code reviews on this repo. Configure here.

@vercel
vercel bot commented Apr 15, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| api-docs-tooling | Ready | Preview | Apr 15, 2026 2:28pm |

2 participants