cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Preserve rel=me on links in rich text

Browse source 
Fixes #3859
This commit is contained in:
Tom Hughes 2022-12-29 17:58:22 +00:00
parent 600ed78b04
commit 6033359bd0
3 changed files with 21 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.rubocop_todo.yml
View file

@ -89,7 +89,7 @@ Minitest/EmptyLineBeforeAssertionMethods:
# Offense count: 560
Minitest/MultipleAssertions:
Max: 52
Max: 54
# Offense count: 1
# Configuration parameters: NamePrefix, ForbiddenPrefixes, AllowedMethods, MethodDefinitionMacros.

7
config/initializers/sanitize.rb
View file

@ -1,11 +1,16 @@
Sanitize::Config::OSM = Sanitize::Config.merge(
Sanitize::Config::RELAXED,
:elements => Sanitize::Config::RELAXED[:elements] - %w[div style],
:add_attributes => { "a" => { "rel" => "nofollow noopener noreferrer" } },
:remove_contents => %w[script style],
:transformers => lambda do |env|
env[:node].remove_class
env[:node].kwattr_remove("style", nil)
env[:node].add_class("table table-sm w-auto") if env[:node_name] == "table"
if env[:node_name] == "a"
rel = env[:node]["rel"] || ""
env[:node]["rel"] = rel.split.select { |r| r == "me" }.append("nofollow", "noopener", "noreferrer").sort.join(" ")
end
end
)

14
test/lib/rich_text_test.rb
View file

@ -18,6 +18,13 @@ class RichTextTest < ActiveSupport::TestCase
assert_select "a[rel='nofollow noopener noreferrer']", 1
end
r = RichText.new("html", "foo <a rel='junk me trash' href='http://example.com/'>bar</a> baz")
assert_html r do
assert_select "a", 1
assert_select "a[href='http://example.com/']", 1
assert_select "a[rel='me nofollow noopener noreferrer']", 1
end
r = RichText.new("html", "foo example@example.com bar")
assert_html r do
assert_select "a", 0
@ -91,6 +98,13 @@ class RichTextTest < ActiveSupport::TestCase
assert_select "a[rel='nofollow noopener noreferrer']", 1
end
r = RichText.new("markdown", "foo <a rel='junk me trash' href='http://example.com/'>bar</a>) baz")
assert_html r do
assert_select "a", 1
assert_select "a[href='http://example.com/']", 1
assert_select "a[rel='me nofollow noopener noreferrer']", 1
end
r = RichText.new("markdown", "foo example@example.com bar")
assert_html r do
assert_select "a", 1