Add noopener and noreferer to links in user generated content

Tom Hughes 2019-01-09 18:00:47 +00:00
parent 1f3372f52c
commit df232ec96f
3 changed files with 11 additions and 11 deletions


@ -1,5 +1,5 @@
Sanitize::Config::OSM = Sanitize::Config::RELAXED.dup
Sanitize::Config::OSM[:elements] -= %w[div style]
Sanitize::Config::OSM[:add_attributes] = { "a" => { "rel" => "nofollow" } }
Sanitize::Config::OSM[:add_attributes] = { "a" => { "rel" => "nofollow noopener noreferer" } }
Sanitize::Config::OSM[:remove_contents] = %w[script style]
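Review bot: The new `rel` value on the `add_attributes` line spells its third token `noreferer`, but the HTML link type is `noreferrer` with a double r; only the HTTP header name uses the single-r spelling. Browsers ignore unrecognised `rel` tokens, so `noopener` still cuts off `window.opener`, while the Referer header continues to be sent from links in user-generated content. The line should read `Sanitize::Config::OSM[:add_attributes] = { "a" => { "rel" => "nofollow noopener noreferrer" } }`. The same spelling is used in both `Rinku.auto_link` calls in `linkify` and in every updated `assert_select` in `RichTextTest`, so the tests pin the typo instead of catching it.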


@ -61,9 +61,9 @@ module RichText
def linkify(text, mode = :urls)
if text.html_safe?
Rinku.auto_link(text, mode, tag_builder.tag_options(:rel => "nofollow")).html_safe
Rinku.auto_link(text, mode, tag_builder.tag_options(:rel => "nofollow noopener noreferer")).html_safe
else
Rinku.auto_link(text, mode, tag_builder.tag_options(:rel => "nofollow"))
Rinku.auto_link(text, mode, tag_builder.tag_options(:rel => "nofollow noopener noreferer"))
end
end
end
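Review bot: The `rel` literal is repeated in both branches of `linkify`, which differ only in the trailing `.html_safe`, so the two copies can drift apart on the next edit. Building the link once keeps a single literal: assign the `Rinku.auto_link(...)` result to `link`, then return `text.html_safe? ? link.html_safe : link`. The enclosing `RichText` module starts outside the hunk.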


@ -8,14 +8,14 @@ class RichTextTest < ActiveSupport::TestCase
assert_html r do
assert_select "a", 1
assert_select "a[href='http://example.com/']", 1
assert_select "a[rel='nofollow']", 1
assert_select "a[rel='nofollow noopener noreferer']", 1
end
r = RichText.new("html", "foo <a href='http://example.com/'>bar</a> baz")
assert_html r do
assert_select "a", 1
assert_select "a[href='http://example.com/']", 1
assert_select "a[rel='nofollow']", 1
assert_select "a[rel='nofollow noopener noreferer']", 1
end
r = RichText.new("html", "foo example@example.com bar")
@ -27,7 +27,7 @@ class RichTextTest < ActiveSupport::TestCase
assert_html r do
assert_select "a", 1
assert_select "a[href='mailto:example@example.com']", 1
assert_select "a[rel='nofollow']", 1
assert_select "a[rel='nofollow noopener noreferer']", 1
end
r = RichText.new("html", "foo <div>bar</div> baz")
@ -64,28 +64,28 @@ class RichTextTest < ActiveSupport::TestCase
assert_html r do
assert_select "a", 1
assert_select "a[href='http://example.com/']", 1
assert_select "a[rel='nofollow']", 1
assert_select "a[rel='nofollow noopener noreferer']", 1
end
r = RichText.new("markdown", "foo [bar](http://example.com/) baz")
assert_html r do
assert_select "a", 1
assert_select "a[href='http://example.com/']", 1
assert_select "a[rel='nofollow']", 1
assert_select "a[rel='nofollow noopener noreferer']", 1
end
r = RichText.new("markdown", "foo example@example.com bar")
assert_html r do
assert_select "a", 1
assert_select "a[href='mailto:example@example.com']", 1
assert_select "a[rel='nofollow']", 1
assert_select "a[rel='nofollow noopener noreferer']", 1
end
r = RichText.new("markdown", "foo [bar](mailto:example@example.com) bar")
assert_html r do
assert_select "a", 1
assert_select "a[href='mailto:example@example.com']", 1
assert_select "a[rel='nofollow']", 1
assert_select "a[rel='nofollow noopener noreferer']", 1
end
r = RichText.new("markdown", "foo ![bar](http://example.com/example.png) bar")
@ -162,7 +162,7 @@ class RichTextTest < ActiveSupport::TestCase
assert_html r do
assert_select "a", 1
assert_select "a[href='http://example.com/']", 1
assert_select "a[rel='nofollow']", 1
assert_select "a[rel='nofollow noopener noreferer']", 1
end
r = RichText.new("text", "foo example@example.com bar")