Make sanitizer *not* add no-referrer etc. in local markdown toots if the link is “safe”

author: Thibaut Girka <thib@sitedethib.com> 2020-03-22 17:56:49 +0100
committer: ThibG <thib@sitedethib.com> 2020-03-24 12:07:47 +0100
commit: 02f1c04fabab221130de8dfb5611be81825b193b (patch)
tree: c54df9c99e6d2e4e2b4f384362ff9a28002b064d /app/lib/sanitize_config.rb
parent: 2c510ee00a9fb4141a428d9a21dbd561171b3409 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/app/lib/sanitize_config.rb b/app/lib/sanitize_config.rb
index 8bbcca4ce..34793ed93 100644
--- a/app/lib/sanitize_config.rb
+++ b/app/lib/sanitize_config.rb
@@ -60,7 +60,10 @@ class Sanitize
       node = env[:node]
 
       rel = (node['rel'] || '').split(' ') & ['tag']
-      node['rel'] = (['nofollow', 'noopener', 'noreferrer'] + rel).join(' ')
+      unless env[:config][:outgoing] && TagManager.instance.local_url?(node['href'])
+        rel += ['nofollow', 'noopener', 'noreferrer']
+      end
+      node['rel'] = rel.join(' ')
     end
 
     UNSUPPORTED_HREF_TRANSFORMER = lambda do |env|
@@ -103,8 +106,8 @@ class Sanitize
       transformers: [
         CLASS_WHITELIST_TRANSFORMER,
         IMG_TAG_TRANSFORMER,
-        LINK_REL_TRANSFORMER,
         UNSUPPORTED_HREF_TRANSFORMER,
+        LINK_REL_TRANSFORMER,
       ]
     )
author	Thibaut Girka <thib@sitedethib.com>	2020-03-22 17:56:49 +0100
committer	ThibG <thib@sitedethib.com>	2020-03-24 12:07:47 +0100
commit	02f1c04fabab221130de8dfb5611be81825b193b (patch)
tree	c54df9c99e6d2e4e2b4f384362ff9a28002b064d /app/lib/sanitize_config.rb
parent	2c510ee00a9fb4141a428d9a21dbd561171b3409 (diff)