Fix glitch-soc marking every link in toots as a tag

Fixes #1281
remotes/1727458204337373841/tmp_refs/heads/signup-info-prompt
Thibaut Girka 2020-03-22 16:59:29 +01:00 committed by ThibG
parent d101438b9d
commit 2c510ee00a
3 changed files with 16 additions and 3 deletions

View File

@ -131,7 +131,7 @@ class Formatter
end end
def link_url(url) def link_url(url)
"<a href=\"#{encode(url)}\" target=\"blank\" rel=\"nofollow noopener\">#{link_html(url)}</a>" "<a href=\"#{encode(url)}\" target=\"blank\" rel=\"nofollow noopener noreferrer\">#{link_html(url)}</a>"
end end
private private

View File

@ -54,6 +54,15 @@ class Sanitize
end end
end end
LINK_REL_TRANSFORMER = lambda do |env|
return unless env[:node_name] == 'a'
node = env[:node]
rel = (node['rel'] || '').split(' ') & ['tag']
node['rel'] = (['nofollow', 'noopener', 'noreferrer'] + rel).join(' ')
end
UNSUPPORTED_HREF_TRANSFORMER = lambda do |env| UNSUPPORTED_HREF_TRANSFORMER = lambda do |env|
return unless env[:node_name] == 'a' return unless env[:node_name] == 'a'
@ -82,7 +91,6 @@ class Sanitize
add_attributes: { add_attributes: {
'a' => { 'a' => {
'rel' => 'nofollow noopener tag noreferrer',
'target' => '_blank', 'target' => '_blank',
}, },
}, },
@ -95,6 +103,7 @@ class Sanitize
transformers: [ transformers: [
CLASS_WHITELIST_TRANSFORMER, CLASS_WHITELIST_TRANSFORMER,
IMG_TAG_TRANSFORMER, IMG_TAG_TRANSFORMER,
LINK_REL_TRANSFORMER,
UNSUPPORTED_HREF_TRANSFORMER, UNSUPPORTED_HREF_TRANSFORMER,
] ]
) )

View File

@ -28,7 +28,11 @@ describe Sanitize::Config do
end end
it 'keeps a with href' do it 'keeps a with href' do
expect(Sanitize.fragment('<a href="http://example.com">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener tag noreferrer" target="_blank">Test</a>' expect(Sanitize.fragment('<a href="http://example.com">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener noreferrer" target="_blank">Test</a>'
end
it 'keeps a with href and rel tag' do
expect(Sanitize.fragment('<a href="http://example.com" rel="tag">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener noreferrer tag" target="_blank">Test</a>'
end end
end end
end end