Url fixes

[sleeping-h]

Summary by CodeRabbit

• New Features
  • Introduced a "Thank you for choosing QGIS!" page with resources for new users.
  • Added new shortcodes and JavaScript functions to enhance the download experience.
  • Updated the visual changelog page with a new shortcode for displaying funders.
  • Added a draft status to several pages for internal review and future release.
• Documentation
  • Updated links across various sections for better navigation and accessibility.
  • Improved the structure of the installation guide and reports section.
  • Enhanced case studies with better image descriptions and source paths.
• Refactor
  • Modified sidebar navigation logic for active menu item determination.
  • Adjusted HTML structure in templates for clearer content display.
• Style
  • Updated font URLs and removed specific styling rules affecting sidebar color properties.
• Tests
  • Revised test scripts to align with updates to the site structure and content.
• Chores
  • Reorganized financial and AGM document links for easier access.

[coderabbitai]

Walkthrough

The updates focus on enhancing accessibility, clarity, and structure across various sections of the QGIS documentation and website. Changes include updating link paths for better navigation, refining content visibility, and improving webpage interaction through JavaScript functions. These adjustments aim to provide a more user-friendly experience, ensuring resources are easily accessible and the community is better engaged.

Changes

File Path	Change Summary
content/community/foundation/..., content/funding/donate.md	Updated links to AGM minutes, financial reports, and donation page for better navigation and clarity.
content/community/organisation/..., content/documentation/overview.md	Improved links for translation process, election guidelines, and marked draft page for visibility.
content/product/case-studies/*.md	Enhanced image descriptions and paths for multiple case studies.
content/product/visual-changelogs/visualchangelog200/index.md	Added {{< funders-simple >}} shortcode for visual changelog page.
content/resources/..., content/security-posture.md	Updated links, added placeholder section, and included security information for reports.
themes/hugo-bulma-blocks-theme/...	Enhanced CSS, SASS, and HTML for improved navigation and usability. Added new shortcodes for functionality.
playwright/ci-test/tests/*.spec.ts	Adjusted test scripts to match website structure changes for accurate testing.
content/thank-you/index.md	Expanded content for a new "Thank you" page with useful information for users.

"In the realm of code and pixels bright,
🐇 A rabbit hopped through, with delight.
Links and paths, now friends, not foes,
Accessibility blooms, like a rose.
With each click and scroll, users find,
A smoother journey, by design.
Cheers to change, in this digital maze,
Guided by the rabbit's wise gaze." 🌟

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

---

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit-tests for this file.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit tests for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository from git and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit tests.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• The JSON schema for the configuration file is available here.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

[coderabbitai]

Review Status

Actionable comments generated: 1

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 30aa588 and 553d5be.

Files ignored due to path filters (32)

• content/community/foundation/agm-minutes/QGIS-AGM2016-Minutes.pdf is excluded by: !**/*.pdf
• content/community/foundation/agm-minutes/QGIS-AGM2017-Minutes.pdf is excluded by: !**/*.pdf
• content/community/foundation/agm-minutes/QGIS-AGM2018-Minutes.pdf is excluded by: !**/*.pdf
• content/community/foundation/agm-minutes/QGIS-AGM2019-Minutes.pdf is excluded by: !**/*.pdf
• content/community/foundation/agm-minutes/QGIS-AGM2020-Minutes.pdf is excluded by: !**/*.pdf
• content/community/foundation/agm-minutes/QGIS-AGM2021-Minutes.pdf is excluded by: !**/*.pdf
• content/community/foundation/agm-minutes/QGIS-AGM2022-Minutes.pdf is excluded by: !**/*.pdf
• content/community/foundation/agm-minutes/QGIS-AGM2023-Minutes.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-budgets/QGISBudget2015.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-budgets/QGISBudget2016.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-budgets/QGISBudget2017.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-budgets/QGISBudget2018.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-budgets/QGISBudget2019.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-budgets/QGISBudget2020.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-budgets/QGISBudget2021.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-budgets/QGISBudget2022.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-budgets/QGISBudget2023.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-financial-reports/Financial-Auditing-Report_QGIS-ORG_2017.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-financial-reports/Financial-Auditing-Report_QGIS-ORG_2018.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-financial-reports/Financial-Auditing-Report_QGIS-ORG_2019.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-financial-reports/Financial-Auditing-Report_QGIS-ORG_2020.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-financial-reports/Financial-Auditing-Report_QGIS-ORG_2021.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-financial-reports/Financial-Auditing-Report_QGIS-ORG_2022.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-financial-reports/PublicQGISfinancialreport2014.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-financial-reports/PublicQGISfinancialreport2015.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-financial-reports/PublicQGISfinancialreport2016.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-financial-reports/PublicQGISfinancialreport2017.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-financial-reports/PublicQGISfinancialreport2018.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-financial-reports/PublicQGISfinancialreport2019.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-financial-reports/PublicQGISfinancialreport2020.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-financial-reports/PublicQGISfinancialreport2021.pdf is excluded by: !**/*.pdf
• content/community/foundation/annual-financial-reports/PublicQGISfinancialreport2022.pdf is excluded by: !**/*.pdf

Files selected for processing (55)

• content/community/foundation/annual_general_meetings.md (1 hunks)
• content/community/foundation/finance.md (1 hunks)
• content/community/organisation.md (2 hunks)
• content/community/organisation/groups.md (2 hunks)
• content/community/organisation/guidelines.md (2 hunks)
• content/documentation/overview.md (1 hunks)
• content/product/case-studies/afghanistan.md (2 hunks)
• content/product/case-studies/africa_tiger.md (1 hunks)
• content/product/case-studies/antarctica.md (3 hunks)
• content/product/case-studies/argentinia_chubut.md (3 hunks)
• content/product/case-studies/australia_distance_learning.md (2 hunks)
• content/product/case-studies/australia_queens.md (1 hunks)
• content/product/case-studies/australia_snowyhydro.md (3 hunks)
• content/product/case-studies/canada_brunswick.md (5 hunks)
• content/product/case-studies/china_hydro.md (1 hunks)
• content/product/case-studies/czech_brno.md (3 hunks)
• content/product/case-studies/europe_lynx.md (2 hunks)
• content/product/case-studies/france_burgundy_region.md (3 hunks)
• content/product/case-studies/india_assam.md (2 hunks)
• content/product/case-studies/india_guwahati.md (2 hunks)
• content/product/case-studies/india_hyderabad.md (3 hunks)
• content/product/case-studies/india_pune.md (2 hunks)
• content/product/case-studies/italy_cesena.md (3 hunks)
• content/product/case-studies/italy_rome.md (4 hunks)
• content/product/case-studies/italy_turin.md (3 hunks)
• content/product/case-studies/italy_vicenza.md (3 hunks)
• content/product/case-studies/malaysia_kuala.md (3 hunks)
• content/product/case-studies/mexico_jalisco.md (3 hunks)
• content/product/case-studies/nigeria_jos.md (4 hunks)
• content/product/case-studies/portugal_coimbra.md (4 hunks)
• content/product/case-studies/portugal_evora.md (3 hunks)
• content/product/case-studies/portugal_funchal.md (3 hunks)
• content/product/case-studies/portugal_lisbon.md (1 hunks)
• content/product/case-studies/portugal_pinhel.md (2 hunks)
• content/product/case-studies/portugal_ribeira.md (3 hunks)
• content/product/case-studies/portugal_torres.md (2 hunks)
• content/product/case-studies/suisse_basel.md (2 hunks)
• content/product/case-studies/suisse_solothurn.md (2 hunks)
• content/product/case-studies/suisse_uster.md (1 hunks)
• content/product/case-studies/tanzania_udzungwa.md (3 hunks)
• content/product/case-studies/ukrainian_spt.md (2 hunks)
• content/product/case-studies/uruguay_mides.md (1 hunks)
• content/product/case-studies/usa_missouri.md (2 hunks)
• content/product/case-studies/usa_polczynski.md (2 hunks)
• content/product/visual-changelogs/visualchangelog200/index.md (1 hunks)
• content/resources/installation-guide/index.md (6 hunks)
• content/resources/reports/index.md (1 hunks)
• content/security-posture.md (1 hunks)
• themes/hugo-bulma-blocks-theme/assets/css/custom.css (1 hunks)
• themes/hugo-bulma-blocks-theme/assets/sass/bulma/components/sidebar.sass (1 hunks)
• themes/hugo-bulma-blocks-theme/layouts/partials/explore.html (2 hunks)
• themes/hugo-bulma-blocks-theme/layouts/partials/funders-simple.html (1 hunks)
• themes/hugo-bulma-blocks-theme/layouts/partials/sidebar.html (3 hunks)
• themes/hugo-bulma-blocks-theme/layouts/shortcodes/footnote.html (1 hunks)
• themes/hugo-bulma-blocks-theme/layouts/shortcodes/funders-simple.html (1 hunks)

Files skipped from review due to trivial changes (41)

• content/community/organisation.md
• content/community/organisation/guidelines.md
• content/product/case-studies/afghanistan.md
• content/product/case-studies/africa_tiger.md
• content/product/case-studies/antarctica.md
• content/product/case-studies/argentinia_chubut.md
• content/product/case-studies/australia_distance_learning.md
• content/product/case-studies/australia_queens.md
• content/product/case-studies/australia_snowyhydro.md
• content/product/case-studies/canada_brunswick.md
• content/product/case-studies/china_hydro.md
• content/product/case-studies/czech_brno.md
• content/product/case-studies/europe_lynx.md
• content/product/case-studies/france_burgundy_region.md
• content/product/case-studies/india_assam.md
• content/product/case-studies/india_guwahati.md
• content/product/case-studies/india_hyderabad.md
• content/product/case-studies/india_pune.md
• content/product/case-studies/italy_cesena.md
• content/product/case-studies/italy_rome.md
• content/product/case-studies/italy_turin.md
• content/product/case-studies/italy_vicenza.md
• content/product/case-studies/malaysia_kuala.md
• content/product/case-studies/mexico_jalisco.md
• content/product/case-studies/nigeria_jos.md
• content/product/case-studies/portugal_coimbra.md
• content/product/case-studies/portugal_evora.md
• content/product/case-studies/portugal_funchal.md
• content/product/case-studies/portugal_lisbon.md
• content/product/case-studies/portugal_pinhel.md
• content/product/case-studies/portugal_ribeira.md
• content/product/case-studies/portugal_torres.md
• content/product/case-studies/suisse_basel.md
• content/product/case-studies/suisse_solothurn.md
• content/product/case-studies/suisse_uster.md
• content/product/case-studies/tanzania_udzungwa.md
• content/product/case-studies/ukrainian_spt.md
• content/product/case-studies/uruguay_mides.md
• content/product/case-studies/usa_missouri.md
• content/product/case-studies/usa_polczynski.md
• content/resources/installation-guide/index.md

Additional comments: 6

content/community/foundation/finance.md (2)

• 17-17: The link to the "Budget 2023" PDF has been updated to use a relative path. Ensure that the new path correctly points to the intended file location. This change enhances the maintainability of links within the documentation.
• 20-74: All updated links to annual financial reports, auditing reports, and budgets from 2022 to 2014 use relative paths, which is a good practice for internal resource linking. This ensures that the documentation is more portable and less dependent on the absolute structure of the hosting environment. However, it's crucial to verify that these paths correctly resolve to the intended PDF files to avoid broken links.

Verification successful

---

The executed script successfully located the PDF files for each year from 2022 to 2014, confirming that the updated links in the documentation correctly point to existing files within the repository. This verification process found that for each year, there are corresponding budget reports, financial reports, and financial auditing reports available in both the content/community/foundation/annual-budgets/ and content/community/foundation/annual-financial-reports/ directories, as well as duplicates in the static/download/ directory. This comprehensive search across the repository ensures that the documentation's relative paths to these resources are valid, addressing the initial concern about potential broken links due to incorrect file paths.

Given this information, the review comment regarding the need to verify that the paths correctly resolve to the intended PDF files to avoid broken links has been successfully addressed. The files exist in the repository as expected, which supports the use of relative paths for linking to these resources in the documentation.

Scripts Executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Verify that the updated PDF paths exist in the repository
for year in {2022..2014}; do
  fd "QGISBudget${year}.pdf" content/annual-budgets/
  fd "PublicQGISfinancialreport${year}.pdf" content/annual-financial-reports/
  fd "Financial-Auditing-Report_QGIS-ORG_${year}.pdf" content/annual-financial-reports/
done

Length of output: 5255

---

---

Script:

#!/bin/bash
# Adjusted script to search for PDF files without specifying incorrect directories
for year in {2022..2014}; do
  fd "QGISBudget${year}.pdf"
  fd "PublicQGISfinancialreport${year}.pdf"
  fd "Financial-Auditing-Report_QGIS-ORG_${year}.pdf"
done

Length of output: 4224

content/security-posture.md (2)

• 2-2: The file has been marked as a draft by adding draft: true in the front matter. This change indicates that the content is not yet intended for public viewing or is under review. It's important to confirm that this status is intentional and aligns with the current content strategy.
• 4-4: The updated content provides valuable information about the security practices, release cycles, and vulnerability management processes for QGIS. This addition enhances the transparency and accessibility of security-related information for users and contributors. Ensure that all external links are accurate and that the contact information is up-to-date.

content/community/organisation/groups.md (1)

• 123-123: The link for electing a QGIS Country Voting Member has been updated. It's crucial to verify that the new link correctly points to the intended section within the document or site. This ensures that users can easily navigate to relevant information about the election process.

content/product/visual-changelogs/visualchangelog200/index.md (1)

• 445-446: The addition of the {{< funders-simple >}} shortcode at the end of the visual changelog page is a thoughtful way to acknowledge contributions. Ensure that the shortcode renders correctly on the website and integrates well with the page's layout and overall design.

[coderabbitai]

📝 NOTE
This review was outside the diff hunks, and no overlapping diff hunk was found. Original lines [10-16]

The structural change in wrapping the <article> element with an <a> tag and adding a <span> for additional text is a good approach for enhancing the content's interactivity and clarity. However, ensure that the text within the <span> is descriptive enough for all users, including those using screen readers, to understand the link's purpose.

Regarding the use of {{ absURL "community/members/sustaining_member/" }} in the anchor tag's href attribute, it's important to ensure that user input cannot manipulate this URL to prevent potential cross-site scripting (XSS) attacks. Consider validating or sanitizing input that might affect this URL and review the Content Security Policy (CSP) settings to mitigate such risks.

[coderabbitai]

Review Status

Actionable comments generated: 1

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 553d5be and fda9efc.

Files selected for processing (4)

• content/community/groups.md (2 hunks)
• content/community/organisation.md (2 hunks)
• content/community/organisation/guidelines.md (2 hunks)
• themes/hugo-bulma-blocks-theme/layouts/partials/funders-simple.html (1 hunks)

Files skipped from review as they are similar to previous changes (2)

• content/community/organisation.md
• content/community/organisation/guidelines.md

Additional comments: 2

themes/hugo-bulma-blocks-theme/layouts/partials/funders-simple.html (1)

• 10-16: The structural change, moving the anchor tag outside the article element and adding a span element, improves the semantic structure and accessibility of the content. This change allows the entire block to be clickable, which can enhance user experience.

content/community/groups.md (1)

• 123-123: Updating the link to use a reference link within the document is a good practice for maintaining internal document consistency and ease of navigation. Ensure that the reference link correctly points to the intended section and that the section's identifier matches the reference used. This change enhances the document's usability and maintainability.

[coderabbitai]

The use of template variables in the href attribute of anchor tags raises security concerns, specifically the risk of Cross-Site Scripting (XSS) attacks. To mitigate this risk, ensure that the URL is properly sanitized and consider using a safer URL generation method, such as absURL or relURL functions provided by Hugo, to construct the URL. Additionally, implementing a Content Security Policy (CSP) can further enhance security by restricting the sources from which content can be loaded.

- <a href="{{ absURL "funding/membership" }}">
+ <a href="{{ "funding/membership" | absURL }}">

---

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	<a href="{{ absURL "funding/membership" }}">
	<a href="{{ "funding/membership" | absURL }}">

[coderabbitai]

Review Status

Actionable comments generated: 1

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between fda9efc and 065ed27.

Files selected for processing (1)

• themes/hugo-bulma-blocks-theme/layouts/partials/contextmenu.html (1 hunks)

[coderabbitai]

The use of a template variable in the href attribute of an anchor tag can introduce potential security vulnerabilities, specifically cross-site scripting (XSS) attacks. To mitigate this risk, consider the following recommendations:

• Ensure that the URL is properly sanitized and validated to prevent malicious inputs. Using a function like url_for() (if available in your templating engine) can help safely generate URLs.
• Consider starting relative URLs with a literal forward slash and concatenating the URL to prevent misuse of the javascript: URI scheme.
• Implementing a Content Security Policy (CSP) header can provide an additional layer of security against XSS attacks.

Please review and apply these recommendations to enhance the security of your application.

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 065ed27 and 6436330.

Files selected for processing (2)

• content/thank-you/index.md (1 hunks)
• playwright/ci-test/tests/04-community-page.spec.ts (2 hunks)

Additional comments: 1

content/thank-you/index.md (1)

• 7-7: The addition of the url field in the front matter is correctly formatted and follows the YAML syntax. Ensure that the URL path /download/thank-you matches the intended site structure and conventions for URL paths.

[coderabbitai]

Review Status

Actionable comments generated: 1

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 6436330 and a13a655.

Files selected for processing (3)

• content/thank-you/index.md (1 hunks)
• playwright/ci-test/tests/04-community-page.spec.ts (2 hunks)
• themes/hugo-bulma-blocks-theme/layouts/shortcodes/usecase.html (1 hunks)

Files skipped from review as they are similar to previous changes (1)

• playwright/ci-test/tests/04-community-page.spec.ts

Additional comments: 3

themes/hugo-bulma-blocks-theme/layouts/shortcodes/usecase.html (1)

• 4-4: The update to use an absolute URL for the image source path is a good practice for ensuring that resources are correctly located regardless of the current page's URL. However, it's important to ensure that the .Params.thumbnail variable is properly sanitized to prevent any potential security issues, such as directory traversal attacks.

content/thank-you/index.md (2)

• 1-8: The front matter metadata updates are clear and well-structured, providing essential information about the page, such as its type, title, draft status, and URL. These changes contribute to the page's organization and accessibility.
• 10-58: The content structure and use of shortcodes, such as rich-box-start, rich-content-start, and usecase, enhance the page's readability and visual appeal. However, ensure that all links, especially those using the ref shortcode (e.g., line 36 and line 49), are correctly pointing to existing resources within the project to avoid broken links. Additionally, for the image on line 52, it's good practice to ensure the alt text accurately describes the image for better accessibility.

Verification successful

Given the lack of explicit output from the script, it's necessary to run a more detailed verification to confirm the existence of the referenced markdown files and the image file. Let's execute a revised script that provides clear confirmation for each file.

---

The revised script has provided clear confirmation that all referenced files in the review comment—product/case-studies.md, community/groups.md, and product/img/groupss.jpg—exist within the project. This directly addresses the concern raised in the review comment regarding the potential for broken links and accessibility issues related to the image's alt text. Since the files are confirmed to exist, the primary concern shifts to ensuring that the links are correctly implemented and that the alt text for the image is appropriate, which cannot be verified through script execution alone.

Given the successful verification of the file existence, the next step is to ensure that the implementation details, such as the correct usage of the ref shortcode and the appropriateness of the alt text, are manually checked within the project's context.

Scripts Executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Verify that the referenced markdown files exist.
fd "product/case-studies.md" && fd "community/groups.md"
# Verify that the image path is correct and the image file exists.
fd "product/img/groupss.jpg"

Length of output: 82

---

---

Script:

#!/bin/bash
# Explicitly verify the existence of each referenced file and provide clear output.

# Check for "product/case-studies.md"
if fd "product/case-studies.md"; then
  echo "Found: product/case-studies.md"
else
  echo "Not found: product/case-studies.md"
fi

# Check for "community/groups.md"
if fd "community/groups.md"; then
  echo "Found: community/groups.md"
else
  echo "Not found: community/groups.md"
fi

# Check for "product/img/groupss.jpg"
if fd "product/img/groupss.jpg"; then
  echo "Found: product/img/groupss.jpg"
else
  echo "Not found: product/img/groupss.jpg"
fi

Length of output: 287

[coderabbitai]

The static analysis tools have flagged potential security concerns with the use of template variables in anchor tags, specifically the risk of XSS attacks through the 'href' attribute. To mitigate this risk, ensure that the .RelPermalink variable is properly sanitized and consider using Hugo's built-in functions like safeURL to ensure the URL is safe to use. Additionally, implementing a Content Security Policy (CSP) header can further enhance security by restricting the sources from which content can be loaded.

- <a class="rich-list has-image mr-2 mb-2" href="{{ .RelPermalink }}" >
+ <a class="rich-list has-image mr-2 mb-2" href="{{ .RelPermalink | safeURL }}" >

---

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	<a class="rich-list has-image mr-2 mb-2" href="{{ .RelPermalink }}" >
	<a class="rich-list has-image mr-2 mb-2" href="{{ .RelPermalink | safeURL }}" >

[coderabbitai]

Review Status

Actionable comments generated: 1

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between a13a655 and ed9b197.

Files ignored due to path filters (8)

• static/download/QGIS-AGM2019-Minutes.pdf is excluded by: !**/*.pdf
• static/download/QGISAnnualReport2016.pdf is excluded by: !**/*.pdf
• static/download/QGISAnnualReport2017.pdf is excluded by: !**/*.pdf
• static/download/QGISAnnualReport2018.pdf is excluded by: !**/*.pdf
• static/download/QGISAnnualReport2019.pdf is excluded by: !**/*.pdf
• static/download/QGISAnnualReport2020.pdf is excluded by: !**/*.pdf
• static/download/QGISAnnualReport2021.pdf is excluded by: !**/*.pdf
• static/download/QGISAnnualReport2022.pdf is excluded by: !**/*.pdf

Files selected for processing (2)

• playwright/ci-test/tests/02-download-page.spec.ts (1 hunks)
• playwright/ci-test/tests/06-resources-page.spec.ts (7 hunks)

Additional comments: 7

playwright/ci-test/tests/06-resources-page.spec.ts (7)

• 36-36: The locator ID for the 'Installation guide' link has been updated from #ul-32 to #ul-26. Ensure that this change reflects the updated structure of the HTML document on the resources page. It's important to verify that the new locator correctly targets the intended element.
• 189-189: The locator ID for the 'Documentation' link has been updated to #ul-26. Similar to previous comments, verify that this locator accurately targets the 'Documentation' link within the updated page structure.
• 190-190: The locator ID for the 'Releases' link has been updated to #ul-26. Confirm that this locator is correctly identifying the 'Releases' link and that there are no other elements with similar names that could cause confusion or incorrect targeting.
• 206-206: The locator ID for the 'Roadmap' link has been updated to #ul-26. As with other locator updates, ensure this change accurately reflects the intended target within the resources page's structure.
• 238-238: The locator ID for the 'Reports' link has been updated to #ul-26. Verify that this locator correctly targets the 'Reports' section and that the updated ID is consistent with the page's current structure.
• 257-257: The locator ID for the 'Books' link has been updated to #ul-26. Ensure that this locator accurately targets the 'Books' section and that the change is in line with the updated structure of the resources page.
• 278-278: The locator ID for the 'Support' link has been updated to #ul-26. Confirm that this update correctly targets the 'Support' section and is consistent with the current structure of the resources page.

[coderabbitai]

The update from #ul-32 to #ul-26 for the locator ID seems to address a change in the website's structure. While this update is necessary for the test to continue functioning correctly, relying on numeric IDs for elements like lists can make tests brittle if the website's structure changes frequently. Consider using more stable locator strategies, such as text content or specific attributes that are less likely to change, to enhance the test's resilience against future website updates.

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between ed9b197 and b4562cb.

Files selected for processing (3)

• playwright/ci-test/tests/02-download-page.spec.ts (1 hunks)
• playwright/ci-test/tests/04-community-page.spec.ts (3 hunks)
• playwright/ci-test/tests/05-donate-page.spec.ts (2 hunks)

Files skipped from review as they are similar to previous changes (2)

• playwright/ci-test/tests/02-download-page.spec.ts
• playwright/ci-test/tests/04-community-page.spec.ts

Additional comments: 1

playwright/ci-test/tests/05-donate-page.spec.ts (1)

• 8-9: The update from 'Donate' to 'Funding' in the locator text is a critical change reflecting updates in the website's UI. Ensure this change is consistent across the website to avoid test failures. It's also important to verify that the rest of the test script aligns with this update and that the assertions still validate the intended functionality.

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between b4562cb and f9e08f1.

Files selected for processing (3)

• playwright/ci-test/tests/02-download-page.spec.ts (1 hunks)
• playwright/ci-test/tests/04-community-page.spec.ts (3 hunks)
• playwright/ci-test/tests/05-donate-page.spec.ts (2 hunks)

Files skipped from review as they are similar to previous changes (3)

• playwright/ci-test/tests/02-download-page.spec.ts
• playwright/ci-test/tests/04-community-page.spec.ts
• playwright/ci-test/tests/05-donate-page.spec.ts

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between f9e08f1 and ad52fa9.

Files selected for processing (2)

• playwright/ci-test/tests/04-community-page.spec.ts (3 hunks)
• playwright/ci-test/tests/05-donate-page.spec.ts (2 hunks)

Files skipped from review as they are similar to previous changes (2)

• playwright/ci-test/tests/04-community-page.spec.ts
• playwright/ci-test/tests/05-donate-page.spec.ts

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between ad52fa9 and b6c0a74.

Files selected for processing (2)

• playwright/ci-test/tests/04-community-page.spec.ts (4 hunks)
• playwright/ci-test/tests/05-donate-page.spec.ts (2 hunks)

Files skipped from review as they are similar to previous changes (2)

• playwright/ci-test/tests/04-community-page.spec.ts
• playwright/ci-test/tests/05-donate-page.spec.ts

[coderabbitai]

Review Status

Actionable comments generated: 3

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between b6c0a74 and cecca2e.

Files selected for processing (4)

• playwright/ci-test/tests/01-home-page.spec.ts (2 hunks)
• themes/hugo-bulma-blocks-theme/layouts/shortcodes/download-macos.html (1 hunks)
• themes/hugo-bulma-blocks-theme/layouts/shortcodes/download-platforms-end.html (1 hunks)
• themes/hugo-bulma-blocks-theme/layouts/shortcodes/download-windows.html (2 hunks)

Additional comments: 5

themes/hugo-bulma-blocks-theme/layouts/shortcodes/download-macos.html (2)

• 4-6: The addition of onclick="thanks(this)" and download attributes enhances user experience by providing a direct download option and potentially tracking downloads. However, ensure that the thanks function properly handles different scenarios and errors gracefully.
• 11-13: Similar to the previous comment, the use of onclick and download attributes here is appropriate for the intended functionality. Again, ensure robust error handling within the thanks function.

themes/hugo-bulma-blocks-theme/layouts/shortcodes/download-windows.html (2)

• 4-6: The addition of onclick="thanks(this)" and download attributes for the Windows download links is consistent with the changes made for macOS links, enhancing the user experience. Ensure the thanks function is robust against various scenarios.
• 11-13: The use of onclick and download attributes here and for the OSGeo4W Network Installer link is appropriate. Ensure that the thanks function handles errors and edge cases effectively.

Also applies to: 22-24

playwright/ci-test/tests/01-home-page.spec.ts (1)

• 112-112: The removal of an assertion related to a link labeled 'Members and Donors' in the main navigation section could indicate changes in the website's structure or navigation. Ensure that this change is intentional and does not reduce the test coverage. It might be beneficial to add or update assertions to reflect the current state of the website accurately.

[coderabbitai]

Considering the static analysis hints, there's a potential security risk with the use of template variables in href attributes. This could allow a malicious actor to inject a javascript: URI, leading to XSS attacks. Use the url template tag or url_for() function to safely generate URLs and consider setting a Content Security Policy (CSP) header to mitigate such risks.

- href="https://qgis.org/downloads/macos/qgis-macos-ltr.dmg"
+ href="{{ url_for('https://qgis.org/downloads/macos/qgis-macos-ltr.dmg') }}"
- href="https://qgis.org/downloads/macos/qgis-macos-pr.dmg"
+ href="{{ url_for('https://qgis.org/downloads/macos/qgis-macos-pr.dmg') }}"

Also applies to: 11-11

---

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	href="https://qgis.org/downloads/macos/qgis-macos-ltr.dmg"
	href="{{ url_for('https://qgis.org/downloads/macos/qgis-macos-ltr.dmg') }}"

[coderabbitai]

The potential security risk with the use of template variables in href attributes, as highlighted by the static analysis hints, applies here as well. Mitigate the risk of XSS attacks by using the url template tag or url_for() function to safely generate URLs and consider setting a Content Security Policy (CSP) header.

- href="{{ .ltr_msi }}"
+ href="{{ url_for(.ltr_msi) }}"
- href="{{ .lr_msi }}"
+ href="{{ url_for(.lr_msi) }}"
- href="{{ absURL "resources/installation-guide#osgeo4w-installer" }}"
+ href="{{ url_for(absURL "resources/installation-guide#osgeo4w-installer") }}"

Also applies to: 11-11, 22-22

---

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	href="{{ .ltr_msi }}"
	href="{{ url_for(.ltr_msi) }}"

[coderabbitai]

The thanks function provides a thoughtful user experience by opening the download in a new tab and redirecting to a thank you page. To enhance security, consider adding rel="noopener noreferrer" to the anchor tags to mitigate potential risks associated with window.open. Additionally, ensure that the redirection URL is validated to prevent open redirect vulnerabilities.

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between cecca2e and 53589a8.

Files selected for processing (1)

• content/funding/donate.md (1 hunks)

Additional comments: 1

content/funding/donate.md (1)

• 143-143: The update to the link directing users to the financial reports and budgets section is a positive change, enhancing the transparency and accessibility of financial information for users. This change aligns well with the PR objectives of improving usability and maintainability of the website. Ensure that the link is correctly formatted and functional within the website's structure, and that it leads to the intended section without any issues.