diff options
| author | Thibaut Girka <thib@sitedethib.com> | 2020-03-22 16:59:29 +0100 |
|---|---|---|
| committer | ThibG <thib@sitedethib.com> | 2020-03-24 12:07:47 +0100 |
| commit | 2c510ee00a9fb4141a428d9a21dbd561171b3409 (patch) | |
| tree | b54c2d07b6ab38e827287865b93606daa5885d15 | |
| parent | d101438b9d1bd827c191605cb21d58f83de2124d (diff) | |
Fix glitch-soc marking every link in toots as a tag
Fixes #1281
| -rw-r--r-- | app/lib/formatter.rb | 2 | ||||
| -rw-r--r-- | app/lib/sanitize_config.rb | 11 | ||||
| -rw-r--r-- | spec/lib/sanitize_config_spec.rb | 6 |
3 files changed, 16 insertions, 3 deletions
diff --git a/app/lib/formatter.rb b/app/lib/formatter.rb index fcc99d009..b7a0286d2 100644 --- a/app/lib/formatter.rb +++ b/app/lib/formatter.rb @@ -131,7 +131,7 @@ class Formatter end def link_url(url) - "<a href=\"#{encode(url)}\" target=\"blank\" rel=\"nofollow noopener\">#{link_html(url)}</a>" + "<a href=\"#{encode(url)}\" target=\"blank\" rel=\"nofollow noopener noreferrer\">#{link_html(url)}</a>" end private diff --git a/app/lib/sanitize_config.rb b/app/lib/sanitize_config.rb index e3fc94ba6..8bbcca4ce 100644 --- a/app/lib/sanitize_config.rb +++ b/app/lib/sanitize_config.rb @@ -54,6 +54,15 @@ class Sanitize end end + LINK_REL_TRANSFORMER = lambda do |env| + return unless env[:node_name] == 'a' + + node = env[:node] + + rel = (node['rel'] || '').split(' ') & ['tag'] + node['rel'] = (['nofollow', 'noopener', 'noreferrer'] + rel).join(' ') + end + UNSUPPORTED_HREF_TRANSFORMER = lambda do |env| return unless env[:node_name] == 'a' @@ -82,7 +91,6 @@ class Sanitize add_attributes: { 'a' => { - 'rel' => 'nofollow noopener tag noreferrer', 'target' => '_blank', }, }, @@ -95,6 +103,7 @@ class Sanitize transformers: [ CLASS_WHITELIST_TRANSFORMER, IMG_TAG_TRANSFORMER, + LINK_REL_TRANSFORMER, UNSUPPORTED_HREF_TRANSFORMER, ] ) diff --git a/spec/lib/sanitize_config_spec.rb b/spec/lib/sanitize_config_spec.rb index 50558a0d8..2d82c00ea 100644 --- a/spec/lib/sanitize_config_spec.rb +++ b/spec/lib/sanitize_config_spec.rb @@ -28,7 +28,11 @@ describe Sanitize::Config do end it 'keeps a with href' do - expect(Sanitize.fragment('<a href="http://example.com">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener tag noreferrer" target="_blank">Test</a>' + expect(Sanitize.fragment('<a href="http://example.com">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener noreferrer" target="_blank">Test</a>' + end + + it 'keeps a with href and rel tag' do + expect(Sanitize.fragment('<a href="http://example.com" rel="tag">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener noreferrer tag" target="_blank">Test</a>' end end end |