Merge branch 'tom/noreferrer' into 'nightly'
Use noreferrer when linkifying attachments and allow this value in purifier

If you click on a link in your main timeline, the Referer header effectively identifies you to the site that you visited. (Who goes around reading other people's /user/all, honestly?) Annoyingly, our notice content is already HTML. Rather than attempt to parse and modify the tags in flight, this modification takes the simpler approach of adding the noreferrer rel value to inline links by default when notices are composed.

See merge request !127
commit
2e8a5aeb23
22
lib/util.php
22
lib/util.php
@ -594,7 +594,7 @@ function common_purify($html, array $args=array())
|
||||
*
|
||||
* Source: http://microformats.org/wiki/rel
|
||||
*/
|
||||
$cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag']);
|
||||
$cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag', 'noreferrer']);
|
||||
$cfg->set('HTML.ForbiddenAttributes', array('style')); // id, on* etc. are already filtered by default
|
||||
$cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true));
|
||||
if (isset($args['URI.Base'])) {
|
||||
@ -1140,6 +1140,15 @@ function common_linkify($url) {
|
||||
}
|
||||
}
|
||||
|
||||
// Whether to nofollow
|
||||
$nf = common_config('nofollow', 'external');
|
||||
|
||||
if ($nf == 'never') {
|
||||
$attrs['rel'] = 'external';
|
||||
} else {
|
||||
$attrs['rel'] = 'nofollow external';
|
||||
}
|
||||
|
||||
// Add clippy
|
||||
if ($is_attachment) {
|
||||
$attrs['class'] = 'attachment';
|
||||
@ -1147,16 +1156,7 @@ function common_linkify($url) {
|
||||
$attrs['class'] = 'attachment thumbnail';
|
||||
}
|
||||
$attrs['id'] = "attachment-{$attachment_id}";
|
||||
}
|
||||
|
||||
// Whether to nofollow
|
||||
|
||||
$nf = common_config('nofollow', 'external');
|
||||
|
||||
if ($nf == 'never') {
|
||||
$attrs['rel'] = 'external';
|
||||
} else {
|
||||
$attrs['rel'] = 'nofollow external';
|
||||
$attrs['rel'] .= ' noreferrer';
|
||||
}
|
||||
|
||||
return XMLStringer::estring('a', $attrs, $url);
|
||||
|
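Review bot: The appended `$attrs['rel'] .= ' noreferrer';` appears to sit inside the `if ($is_attachment)` block in the third hunk, so a URL that common_linkify does not treat as an attachment would keep `rel="nofollow external"` (or `external`) and still send the Referer header. The +/- markers are lost on this page, so that placement is read from the hunk line counts and should be confirmed against the file. If every linkified URL should carry the value, append it unconditionally right after the nofollow `if/else` that the second hunk moves above `// Add clippy`. Separately, the `Attr.AllowedRel` change in common_purify only lets `noreferrer` survive purification; it does not add it to HTML that never went through common_linkify, which deserves a short comment next to the allowlist. common_linkify starts and ends outside these hunks, so how `$is_attachment` is set is not visible here.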