From 40ee8133e931c935173c5efaa110811258d957ea Mon Sep 17 00:00:00 2001
From: Vincent <git@vincenttunru.com>
Date: Tue, 18 Feb 2025 14:05:40 +0100
Subject: [PATCH] State that we don't endorse breached sites

---
 .../[breachName]/BreachDetailView.tsx         |  2 +-
 .../[breachName]/BreachDetailsView.test.tsx   | 27 ++++++++++++++++++-
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/src/app/(proper_react)/(redesign)/(public)/breach-details/[breachName]/BreachDetailView.tsx b/src/app/(proper_react)/(redesign)/(public)/breach-details/[breachName]/BreachDetailView.tsx
index bbb740fe894..30211ca5a75 100644
--- a/src/app/(proper_react)/(redesign)/(public)/breach-details/[breachName]/BreachDetailView.tsx
+++ b/src/app/(proper_react)/(redesign)/(public)/breach-details/[breachName]/BreachDetailView.tsx
@@ -117,7 +117,7 @@ export const BreachDetailsView = (props: Props) => {
               href={`https://${breach.Domain}`}
               eventData={{ link_id: breach.Domain }}
               target="_blank"
-              rel="noopener noreferrer"
+              rel="nofollow noopener noreferrer"
             >
               {breach.Domain}
             </TelemetryLink>
diff --git a/src/app/(proper_react)/(redesign)/(public)/breach-details/[breachName]/BreachDetailsView.test.tsx b/src/app/(proper_react)/(redesign)/(public)/breach-details/[breachName]/BreachDetailsView.test.tsx
index 4635ff74f8e..a675b58055e 100644
--- a/src/app/(proper_react)/(redesign)/(public)/breach-details/[breachName]/BreachDetailsView.test.tsx
+++ b/src/app/(proper_react)/(redesign)/(public)/breach-details/[breachName]/BreachDetailsView.test.tsx
@@ -4,9 +4,11 @@
 
 import { it, expect } from "@jest/globals";
 import { composeStory } from "@storybook/react";
+import { type ComponentProps } from "react";
 import { render, screen } from "@testing-library/react";
 import Meta, { BreachDetailViewStory } from "./BreachDetailView.stories";
 import { createRandomHibpListing } from "../../../../../../apiMocks/mockData";
+import { type TelemetryLink } from "../../../../../components/client/TelemetryLink";
 
 jest.mock("../../../../../components/client/SignInButton", () => {
   return {
@@ -15,7 +17,10 @@ jest.mock("../../../../../components/client/SignInButton", () => {
 });
 jest.mock("../../../../../components/client/TelemetryLink", () => {
   return {
-    TelemetryLink: () => null,
+    TelemetryLink: ({
+      eventData: _eventData,
+      ...otherProps
+    }: ComponentProps<typeof TelemetryLink>) => <a {...otherProps} />,
   };
 });
 
@@ -30,6 +35,26 @@ it("details the breach", () => {
   expect(overviewSection).toBeInTheDocument();
 });
 
+it("tells search engines that we do not endorse breached websites, even if we link to them", () => {
+  const ComposedBreachDetailView = composeStory(BreachDetailViewStory, Meta);
+  const breachedDomain = "example.com";
+  render(
+    <ComposedBreachDetailView
+      breach={createRandomHibpListing({ Domain: breachedDomain })}
+    />,
+  );
+
+  const linksToBreachedDomain = screen
+    .getAllByRole("link")
+    .filter(
+      (link) => link.getAttribute("href") === `https://${breachedDomain}`,
+    );
+  expect(linksToBreachedDomain).not.toHaveLength(0);
+  linksToBreachedDomain.forEach((link) => {
+    expect(link.getAttribute("rel")).toMatch("nofollow");
+  });
+});
+
 it("special-cases the description for BVD, as per their request", () => {
   const ComposedBreachDetailView = composeStory(BreachDetailViewStory, Meta);
   render(