diff --git a/app/lib/formatter.rb b/app/lib/formatter.rb
index fcc99d0095b..b7a0286d2d6 100644
--- a/app/lib/formatter.rb
+++ b/app/lib/formatter.rb
@@ -131,7 +131,7 @@ class Formatter
 end
 def link_url(url)
- "#{link_html(url)}"
+ "#{link_html(url)}"
 end
 private
diff --git a/app/lib/sanitize_config.rb b/app/lib/sanitize_config.rb
index e3fc94ba637..8bbcca4ce5c 100644
--- a/app/lib/sanitize_config.rb
+++ b/app/lib/sanitize_config.rb
@@ -54,6 +54,15 @@ class Sanitize
 end
 end
+ LINK_REL_TRANSFORMER = lambda do |env|
+ return unless env[:node_name] == 'a'
+
+ node = env[:node]
+
+ rel = (node['rel'] || '').split(' ') & ['tag']
+ node['rel'] = (['nofollow', 'noopener', 'noreferrer'] + rel).join(' ')
+ end
+
 UNSUPPORTED_HREF_TRANSFORMER = lambda do |env|
 return unless env[:node_name] == 'a'
@@ -82,7 +91,6 @@ class Sanitize
 add_attributes: {
 'a' => {
- 'rel' => 'nofollow noopener tag noreferrer',
 'target' => '_blank',
 },
 },
@@ -95,6 +103,7 @@ class Sanitize
 transformers: [
 CLASS_WHITELIST_TRANSFORMER,
 IMG_TAG_TRANSFORMER,
+ LINK_REL_TRANSFORMER,
 UNSUPPORTED_HREF_TRANSFORMER,
 ]
 )
diff --git a/spec/lib/sanitize_config_spec.rb b/spec/lib/sanitize_config_spec.rb
index 50558a0d816..2d82c00eaf2 100644
--- a/spec/lib/sanitize_config_spec.rb
+++ b/spec/lib/sanitize_config_spec.rb
@@ -28,7 +28,11 @@ describe Sanitize::Config do
 end
 it 'keeps a with href' do
- expect(Sanitize.fragment('Test', subject)).to eq 'Test'
+ expect(Sanitize.fragment('Test', subject)).to eq 'Test'
+ end
+
+ it 'keeps a with href and rel tag' do
+ expect(Sanitize.fragment('', subject)).to eq 'Test'
 end
 end
 end
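Review bot: In app/lib/sanitize_config.rb (hunk at -54,6), LINK_REL_TRANSFORMER has no comment stating its contract: `rel` is rebuilt from scratch on every `a`, the three hardening tokens are always set, and `tag` is the only author-supplied token that survives. I would add `# Always force nofollow/noopener/noreferrer; keep only rel="tag" from the input` above the lambda. The intersection with `['tag']` is case-sensitive, so `rel="TAG"` is dropped rather than kept, which fails safe but is worth stating in that comment. The value written here presumably survives only if `rel` is among the allowed attributes for `a`; that list is outside this hunk and should be confirmed.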
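Review bot: In the `transformers:` list of app/lib/sanitize_config.rb (hunk at -95,6), the forced `rel` tokens now reach the output only through LINK_REL_TRANSFORMER, while `'target' => '_blank'` is still injected by `add_attributes` in the hunk above. Any other config that reuses those `add_attributes` with its own `transformers:` list would then emit `target="_blank"` links without `noopener noreferrer`. No such config is visible in this diff, so the rest of the file needs checking. A short comment on the list entry, such as `# required: sets rel on every link that add_attributes gives target=_blank`, would keep the two settings from drifting apart.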
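Review bot: In spec/lib/sanitize_config_spec.rb, judging by the example descriptions, the new examples cover only the paths where `rel` is absent or is `tag`; none covers the security-relevant path where the input carries some other `rel` token that must be discarded. I would add an example along the lines of `it 'removes rel values other than tag' do`, asserting that the output `rel` holds exactly the forced tokens. The literal HTML in the existing expectations is not readable in this rendering, so the exact expected strings need to follow the ones already in the file.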