Merge branch 'tom/noreferrer' into 'nightly'

Use noreferrer when linkifying attachments and allow this value in purifier

If you click on a link in your main timeline this effectively identifies you to the site that you visited via the Referer header. (Who goes around reading other people's /user/all, honestly?)

Annoyingly our notice content is already HTML. Rather than attempt to parse and modify the tags in flight, this modification takes the simpler approach of adding the noreferrer tag to inline links by default when notices are composed.

See merge request !127

lib/util.php

@@ -594,7 +594,7 @@ function common_purify($html, array $args=array())
      *
      * Source: http://microformats.org/wiki/rel
      */
-    $cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag']);
+    $cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag', 'noreferrer']);
     $cfg->set('HTML.ForbiddenAttributes', array('style'));  // id, on* etc. are already filtered by default
     $cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true));
     if (isset($args['URI.Base'])) {
@@ -1140,6 +1140,15 @@ function common_linkify($url) {
         }
     }
 
+    // Whether to nofollow
+    $nf = common_config('nofollow', 'external');
+
+    if ($nf == 'never') {
+        $attrs['rel'] = 'external';
+    } else {
+        $attrs['rel'] = 'nofollow external';
+    }
+
     // Add clippy
     if ($is_attachment) {
         $attrs['class'] = 'attachment';
@@ -1147,16 +1156,7 @@ function common_linkify($url) {
             $attrs['class'] = 'attachment thumbnail';
         }
         $attrs['id'] = "attachment-{$attachment_id}";
-    }
-
-    // Whether to nofollow
-
-    $nf = common_config('nofollow', 'external');
-
-    if ($nf == 'never') {
-        $attrs['rel'] = 'external';
-    } else {
-        $attrs['rel'] = 'nofollow external';
+        $attrs['rel'] .= ' noreferrer';
     }
 
     return XMLStringer::estring('a', $attrs, $url);