Fix glitch-soc marking every link in toots as a tag

Fixes #1281
master
Thibaut Girka 5 years ago committed by ThibG
parent d101438b9d
commit 2c510ee00a
  1. 2
      app/lib/formatter.rb
  2. 11
      app/lib/sanitize_config.rb
  3. 6
      spec/lib/sanitize_config_spec.rb

@ -131,7 +131,7 @@ class Formatter
end end
def link_url(url) def link_url(url)
"<a href=\"#{encode(url)}\" target=\"blank\" rel=\"nofollow noopener\">#{link_html(url)}</a>" "<a href=\"#{encode(url)}\" target=\"blank\" rel=\"nofollow noopener noreferrer\">#{link_html(url)}</a>"
end end
private private

@ -54,6 +54,15 @@ class Sanitize
end end
end end
LINK_REL_TRANSFORMER = lambda do |env|
return unless env[:node_name] == 'a'
node = env[:node]
rel = (node['rel'] || '').split(' ') & ['tag']
node['rel'] = (['nofollow', 'noopener', 'noreferrer'] + rel).join(' ')
end
UNSUPPORTED_HREF_TRANSFORMER = lambda do |env| UNSUPPORTED_HREF_TRANSFORMER = lambda do |env|
return unless env[:node_name] == 'a' return unless env[:node_name] == 'a'
@ -82,7 +91,6 @@ class Sanitize
add_attributes: { add_attributes: {
'a' => { 'a' => {
'rel' => 'nofollow noopener tag noreferrer',
'target' => '_blank', 'target' => '_blank',
}, },
}, },
@ -95,6 +103,7 @@ class Sanitize
transformers: [ transformers: [
CLASS_WHITELIST_TRANSFORMER, CLASS_WHITELIST_TRANSFORMER,
IMG_TAG_TRANSFORMER, IMG_TAG_TRANSFORMER,
LINK_REL_TRANSFORMER,
UNSUPPORTED_HREF_TRANSFORMER, UNSUPPORTED_HREF_TRANSFORMER,
] ]
) )

@ -28,7 +28,11 @@ describe Sanitize::Config do
end end
it 'keeps a with href' do it 'keeps a with href' do
expect(Sanitize.fragment('<a href="http://example.com">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener tag noreferrer" target="_blank">Test</a>' expect(Sanitize.fragment('<a href="http://example.com">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener noreferrer" target="_blank">Test</a>'
end
it 'keeps a with href and rel tag' do
expect(Sanitize.fragment('<a href="http://example.com" rel="tag">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener noreferrer tag" target="_blank">Test</a>'
end end
end end
end end

Loading…
Cancel
Save