github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-29 16:55:07 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

do not add rel noreferrer

Browse Source
This commit is contained in:
Arpit Jalan 2016-11-20 18:19:14 +05:30
parent 7cb76f7333
commit 2d0c99636a
6 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/pretty_text.rb
View File

@ -261,11 +261,11 @@ module PrettyText
whitelist.any?{|u| uri.host == u || uri.host.ends_with?("." << u)} whitelist.any?{|u| uri.host == u || uri.host.ends_with?("." << u)}
# we are good no need for nofollow # we are good no need for nofollow
else else
l["rel"] = "nofollow noopener noreferrer" l["rel"] = "nofollow noopener"
end end
rescue URI::InvalidURIError, URI::InvalidComponentError rescue URI::InvalidURIError, URI::InvalidComponentError
# add a nofollow anyway # add a nofollow anyway
l["rel"] = "nofollow noopener noreferrer" l["rel"] = "nofollow noopener"
end end
end end
end end

8
spec/components/cooked_post_processor_spec.rb
View File

@ -446,7 +446,7 @@ describe CookedPostProcessor do
it "uses schemaless url for uploads" do it "uses schemaless url for uploads" do
cpp.optimize_urls cpp.optimize_urls
expect(cpp.html).to match_html '<p><a href="//test.localhost/uploads/default/2/2345678901234567.jpg">Link</a><br><img src="//test.localhost/uploads/default/1/1234567890123456.jpg"><br><a href="http://www.google.com" rel="nofollow noopener noreferrer">Google</a><br><img src="http://foo.bar/image.png"><br><a class="attachment" href="//test.localhost/uploads/default/original/1X/af2c2618032c679333bebf745e75f9088748d737.txt">text.txt</a> (20 Bytes)<br><img src="//test.localhost/images/emoji/emoji_one/smile.png?v=3" title=":smile:" class="emoji" alt=":smile:"></p>' expect(cpp.html).to match_html '<p><a href="//test.localhost/uploads/default/2/2345678901234567.jpg">Link</a><br><img src="//test.localhost/uploads/default/1/1234567890123456.jpg"><br><a href="http://www.google.com" rel="nofollow noopener">Google</a><br><img src="http://foo.bar/image.png"><br><a class="attachment" href="//test.localhost/uploads/default/original/1X/af2c2618032c679333bebf745e75f9088748d737.txt">text.txt</a> (20 Bytes)<br><img src="//test.localhost/images/emoji/emoji_one/smile.png?v=3" title=":smile:" class="emoji" alt=":smile:"></p>'
end end
context "when CDN is enabled" do context "when CDN is enabled" do
@ -454,20 +454,20 @@ describe CookedPostProcessor do
it "does use schemaless CDN url for http uploads" do it "does use schemaless CDN url for http uploads" do
Rails.configuration.action_controller.stubs(:asset_host).returns("http://my.cdn.com") Rails.configuration.action_controller.stubs(:asset_host).returns("http://my.cdn.com")
cpp.optimize_urls cpp.optimize_urls
expect(cpp.html).to match_html '<p><a href="//my.cdn.com/uploads/default/2/2345678901234567.jpg">Link</a><br><img src="//my.cdn.com/uploads/default/1/1234567890123456.jpg"><br><a href="http://www.google.com" rel="nofollow noopener noreferrer">Google</a><br><img src="http://foo.bar/image.png"><br><a class="attachment" href="//my.cdn.com/uploads/default/original/1X/af2c2618032c679333bebf745e75f9088748d737.txt">text.txt</a> (20 Bytes)<br><img src="//my.cdn.com/images/emoji/emoji_one/smile.png?v=3" title=":smile:" class="emoji" alt=":smile:"></p>' expect(cpp.html).to match_html '<p><a href="//my.cdn.com/uploads/default/2/2345678901234567.jpg">Link</a><br><img src="//my.cdn.com/uploads/default/1/1234567890123456.jpg"><br><a href="http://www.google.com" rel="nofollow noopener">Google</a><br><img src="http://foo.bar/image.png"><br><a class="attachment" href="//my.cdn.com/uploads/default/original/1X/af2c2618032c679333bebf745e75f9088748d737.txt">text.txt</a> (20 Bytes)<br><img src="//my.cdn.com/images/emoji/emoji_one/smile.png?v=3" title=":smile:" class="emoji" alt=":smile:"></p>'
end end
it "does not use schemaless CDN url for https uploads" do it "does not use schemaless CDN url for https uploads" do
Rails.configuration.action_controller.stubs(:asset_host).returns("https://my.cdn.com") Rails.configuration.action_controller.stubs(:asset_host).returns("https://my.cdn.com")
cpp.optimize_urls cpp.optimize_urls
expect(cpp.html).to match_html '<p><a href="https://my.cdn.com/uploads/default/2/2345678901234567.jpg">Link</a><br><img src="https://my.cdn.com/uploads/default/1/1234567890123456.jpg"><br><a href="http://www.google.com" rel="nofollow noopener noreferrer">Google</a><br><img src="http://foo.bar/image.png"><br><a class="attachment" href="https://my.cdn.com/uploads/default/original/1X/af2c2618032c679333bebf745e75f9088748d737.txt">text.txt</a> (20 Bytes)<br><img src="https://my.cdn.com/images/emoji/emoji_one/smile.png?v=3" title=":smile:" class="emoji" alt=":smile:"></p>' expect(cpp.html).to match_html '<p><a href="https://my.cdn.com/uploads/default/2/2345678901234567.jpg">Link</a><br><img src="https://my.cdn.com/uploads/default/1/1234567890123456.jpg"><br><a href="http://www.google.com" rel="nofollow noopener">Google</a><br><img src="http://foo.bar/image.png"><br><a class="attachment" href="https://my.cdn.com/uploads/default/original/1X/af2c2618032c679333bebf745e75f9088748d737.txt">text.txt</a> (20 Bytes)<br><img src="https://my.cdn.com/images/emoji/emoji_one/smile.png?v=3" title=":smile:" class="emoji" alt=":smile:"></p>'
end end
it "does not use CDN when login is required" do it "does not use CDN when login is required" do
SiteSetting.login_required = true SiteSetting.login_required = true
Rails.configuration.action_controller.stubs(:asset_host).returns("http://my.cdn.com") Rails.configuration.action_controller.stubs(:asset_host).returns("http://my.cdn.com")
cpp.optimize_urls cpp.optimize_urls
expect(cpp.html).to match_html '<p><a href="//my.cdn.com/uploads/default/2/2345678901234567.jpg">Link</a><br><img src="//my.cdn.com/uploads/default/1/1234567890123456.jpg"><br><a href="http://www.google.com" rel="nofollow noopener noreferrer">Google</a><br><img src="http://foo.bar/image.png"><br><a class="attachment" href="//test.localhost/uploads/default/original/1X/af2c2618032c679333bebf745e75f9088748d737.txt">text.txt</a> (20 Bytes)<br><img src="//my.cdn.com/images/emoji/emoji_one/smile.png?v=3" title=":smile:" class="emoji" alt=":smile:"></p>' expect(cpp.html).to match_html '<p><a href="//my.cdn.com/uploads/default/2/2345678901234567.jpg">Link</a><br><img src="//my.cdn.com/uploads/default/1/1234567890123456.jpg"><br><a href="http://www.google.com" rel="nofollow noopener">Google</a><br><img src="http://foo.bar/image.png"><br><a class="attachment" href="//test.localhost/uploads/default/original/1X/af2c2618032c679333bebf745e75f9088748d737.txt">text.txt</a> (20 Bytes)<br><img src="//my.cdn.com/images/emoji/emoji_one/smile.png?v=3" title=":smile:" class="emoji" alt=":smile:"></p>'
end end
end end

2
spec/components/pretty_text_spec.rb
View File

@ -77,7 +77,7 @@ HTML
end end
it "should inject nofollow in all user provided links" do it "should inject nofollow in all user provided links" do
expect(PrettyText.cook('<a href="http://cnn.com">cnn</a>')).to match(/nofollow noopener noreferrer/) expect(PrettyText.cook('<a href="http://cnn.com">cnn</a>')).to match(/nofollow noopener/)
end end
it "should not inject nofollow in all local links" do it "should not inject nofollow in all local links" do

2
spec/models/post_analyzer_spec.rb
View File

@ -200,7 +200,7 @@ describe PostAnalyzer do
it "ignores oneboxes" do it "ignores oneboxes" do
post_analyzer = PostAnalyzer.new("Hello @Jake\n#{url}", default_topic_id) post_analyzer = PostAnalyzer.new("Hello @Jake\n#{url}", default_topic_id)
post_analyzer.stubs(:cook).returns("<p>Hello <span class=\"mention\">@Jake</span><br><a href=\"https://twitter.com/evil_trout/status/345954894420787200\" class=\"onebox\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">@Finn</a></p>") post_analyzer.stubs(:cook).returns("<p>Hello <span class=\"mention\">@Jake</span><br><a href=\"https://twitter.com/evil_trout/status/345954894420787200\" class=\"onebox\" target=\"_blank\" rel=\"nofollow noopener\">@Finn</a></p>")
expect(post_analyzer.raw_mentions).to eq(['jake']) expect(post_analyzer.raw_mentions).to eq(['jake'])
end end

4
spec/models/post_spec.rb
View File

@ -812,7 +812,7 @@ describe Post do
it "should add nofollow to links in the post for trust levels below 3" do it "should add nofollow to links in the post for trust levels below 3" do
post.user.trust_level = 2 post.user.trust_level = 2
post.save post.save
expect(post.cooked).to match(/nofollow noopener noreferrer/) expect(post.cooked).to match(/nofollow noopener/)
end end
it "when tl3_links_no_follow is false, should not add nofollow for trust level 3 and higher" do it "when tl3_links_no_follow is false, should not add nofollow for trust level 3 and higher" do
@ -826,7 +826,7 @@ describe Post do
SiteSetting.stubs(:tl3_links_no_follow).returns(true) SiteSetting.stubs(:tl3_links_no_follow).returns(true)
post.user.trust_level = 3 post.user.trust_level = 3
post.save post.save
expect(post.cooked).to match(/nofollow noopener noreferrer/) expect(post.cooked).to match(/nofollow noopener/)
end end
end end

12
spec/models/user_profile_spec.rb
View File

@ -121,8 +121,8 @@ describe UserProfile do
it 'includes the link as nofollow if the user is not new' do it 'includes the link as nofollow if the user is not new' do
user.user_profile.send(:cook) user.user_profile.send(:cook)
expect(user_profile.bio_excerpt).to match_html("I love <a href='http://discourse.org' rel='nofollow noopener noreferrer'>http://discourse.org</a>") expect(user_profile.bio_excerpt).to match_html("I love <a href='http://discourse.org' rel='nofollow noopener'>http://discourse.org</a>")
expect(user_profile.bio_processed).to match_html("<p>I love <a href=\"http://discourse.org\" rel=\"nofollow noopener noreferrer\">http://discourse.org</a></p>") expect(user_profile.bio_processed).to match_html("<p>I love <a href=\"http://discourse.org\" rel=\"nofollow noopener\">http://discourse.org</a></p>")
end end
it 'removes the link if the user is new' do it 'removes the link if the user is new' do
@ -160,8 +160,8 @@ describe UserProfile do
created_user.save created_user.save
created_user.reload created_user.reload
created_user.change_trust_level!(TrustLevel[2]) created_user.change_trust_level!(TrustLevel[2])
expect(created_user.user_profile.bio_excerpt).to match_html("I love <a href='http://discourse.org' rel='nofollow noopener noreferrer'>http://discourse.org</a>") expect(created_user.user_profile.bio_excerpt).to match_html("I love <a href='http://discourse.org' rel='nofollow noopener'>http://discourse.org</a>")
expect(created_user.user_profile.bio_processed).to match_html("<p>I love <a href=\"http://discourse.org\" rel=\"nofollow noopener noreferrer\">http://discourse.org</a></p>") expect(created_user.user_profile.bio_processed).to match_html("<p>I love <a href=\"http://discourse.org\" rel=\"nofollow noopener\">http://discourse.org</a></p>")
end end
end end
@ -171,8 +171,8 @@ describe UserProfile do
it 'includes the link with nofollow if the user is trust level 3 or higher' do it 'includes the link with nofollow if the user is trust level 3 or higher' do
user.trust_level = TrustLevel[3] user.trust_level = TrustLevel[3]
user_profile.send(:cook) user_profile.send(:cook)
expect(user_profile.bio_excerpt).to match_html("I love <a href='http://discourse.org' rel='nofollow noopener noreferrer'>http://discourse.org</a>") expect(user_profile.bio_excerpt).to match_html("I love <a href='http://discourse.org' rel='nofollow noopener'>http://discourse.org</a>")
expect(user_profile.bio_processed).to match_html("<p>I love <a href=\"http://discourse.org\" rel=\"nofollow noopener noreferrer\">http://discourse.org</a></p>") expect(user_profile.bio_processed).to match_html("<p>I love <a href=\"http://discourse.org\" rel=\"nofollow noopener\">http://discourse.org</a></p>")
end end
end end
end end