mirror of
https://github.com/discourse/discourse.git
synced 2024-11-23 05:40:52 +08:00
FIX: add rel noopener and noreferrer in addition to nofollow
parent
18156719bd
commit
7cb76f7333
|
@ -261,11 +261,11 @@ module PrettyText
|
|||
whitelist.any?{|u| uri.host == u || uri.host.ends_with?("." << u)}
|
||||
# we are good no need for nofollow
|
||||
else
|
||||
l["rel"] = "nofollow"
|
||||
l["rel"] = "nofollow noopener noreferrer"
|
||||
end
|
||||
rescue URI::InvalidURIError, URI::InvalidComponentError
|
||||
# add a nofollow anyway
|
||||
l["rel"] = "nofollow"
|
||||
l["rel"] = "nofollow noopener noreferrer"
|
||||
end
|
||||
end
|
||||
end
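Review bot: The whitelisted-host branch (under the `# we are good no need for nofollow` comment) still leaves `rel` unset, so `noopener` only reaches links that also receive `nofollow`. `noopener` stops the opened page from reaching back through `window.opener`; it is not an SEO hint. The spec name `when tl3_links_no_follow is false, should not add nofollow for trust level 3 and higher` suggests this code is skipped entirely for some users, whose external links would then presumably get neither value. Consider `l["rel"] = "noopener"` in the whitelisted branch and applying it independently of the nofollow setting; the literal repeated in the `else` and `rescue` branches could also become one frozen constant. The enclosing method starts before this hunk, so the gating is inferred rather than visible here.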
|
||||
|
|
|
@ -446,7 +446,7 @@ describe CookedPostProcessor do
|
|||
|
||||
it "uses schemaless url for uploads" do
|
||||
cpp.optimize_urls
|
||||
expect(cpp.html).to match_html '<p><a href="//test.localhost/uploads/default/2/2345678901234567.jpg">Link</a><br><img src="//test.localhost/uploads/default/1/1234567890123456.jpg"><br><a href="http://www.google.com" rel="nofollow">Google</a><br><img src="http://foo.bar/image.png"><br><a class="attachment" href="//test.localhost/uploads/default/original/1X/af2c2618032c679333bebf745e75f9088748d737.txt">text.txt</a> (20 Bytes)<br><img src="//test.localhost/images/emoji/emoji_one/smile.png?v=3" title=":smile:" class="emoji" alt=":smile:"></p>'
|
||||
expect(cpp.html).to match_html '<p><a href="//test.localhost/uploads/default/2/2345678901234567.jpg">Link</a><br><img src="//test.localhost/uploads/default/1/1234567890123456.jpg"><br><a href="http://www.google.com" rel="nofollow noopener noreferrer">Google</a><br><img src="http://foo.bar/image.png"><br><a class="attachment" href="//test.localhost/uploads/default/original/1X/af2c2618032c679333bebf745e75f9088748d737.txt">text.txt</a> (20 Bytes)<br><img src="//test.localhost/images/emoji/emoji_one/smile.png?v=3" title=":smile:" class="emoji" alt=":smile:"></p>'
|
||||
end
|
||||
|
||||
context "when CDN is enabled" do
|
||||
|
@ -454,20 +454,20 @@ describe CookedPostProcessor do
|
|||
it "does use schemaless CDN url for http uploads" do
|
||||
Rails.configuration.action_controller.stubs(:asset_host).returns("http://my.cdn.com")
|
||||
cpp.optimize_urls
|
||||
expect(cpp.html).to match_html '<p><a href="//my.cdn.com/uploads/default/2/2345678901234567.jpg">Link</a><br><img src="//my.cdn.com/uploads/default/1/1234567890123456.jpg"><br><a href="http://www.google.com" rel="nofollow">Google</a><br><img src="http://foo.bar/image.png"><br><a class="attachment" href="//my.cdn.com/uploads/default/original/1X/af2c2618032c679333bebf745e75f9088748d737.txt">text.txt</a> (20 Bytes)<br><img src="//my.cdn.com/images/emoji/emoji_one/smile.png?v=3" title=":smile:" class="emoji" alt=":smile:"></p>'
|
||||
expect(cpp.html).to match_html '<p><a href="//my.cdn.com/uploads/default/2/2345678901234567.jpg">Link</a><br><img src="//my.cdn.com/uploads/default/1/1234567890123456.jpg"><br><a href="http://www.google.com" rel="nofollow noopener noreferrer">Google</a><br><img src="http://foo.bar/image.png"><br><a class="attachment" href="//my.cdn.com/uploads/default/original/1X/af2c2618032c679333bebf745e75f9088748d737.txt">text.txt</a> (20 Bytes)<br><img src="//my.cdn.com/images/emoji/emoji_one/smile.png?v=3" title=":smile:" class="emoji" alt=":smile:"></p>'
|
||||
end
|
||||
|
||||
it "does not use schemaless CDN url for https uploads" do
|
||||
Rails.configuration.action_controller.stubs(:asset_host).returns("https://my.cdn.com")
|
||||
cpp.optimize_urls
|
||||
expect(cpp.html).to match_html '<p><a href="https://my.cdn.com/uploads/default/2/2345678901234567.jpg">Link</a><br><img src="https://my.cdn.com/uploads/default/1/1234567890123456.jpg"><br><a href="http://www.google.com" rel="nofollow">Google</a><br><img src="http://foo.bar/image.png"><br><a class="attachment" href="https://my.cdn.com/uploads/default/original/1X/af2c2618032c679333bebf745e75f9088748d737.txt">text.txt</a> (20 Bytes)<br><img src="https://my.cdn.com/images/emoji/emoji_one/smile.png?v=3" title=":smile:" class="emoji" alt=":smile:"></p>'
|
||||
expect(cpp.html).to match_html '<p><a href="https://my.cdn.com/uploads/default/2/2345678901234567.jpg">Link</a><br><img src="https://my.cdn.com/uploads/default/1/1234567890123456.jpg"><br><a href="http://www.google.com" rel="nofollow noopener noreferrer">Google</a><br><img src="http://foo.bar/image.png"><br><a class="attachment" href="https://my.cdn.com/uploads/default/original/1X/af2c2618032c679333bebf745e75f9088748d737.txt">text.txt</a> (20 Bytes)<br><img src="https://my.cdn.com/images/emoji/emoji_one/smile.png?v=3" title=":smile:" class="emoji" alt=":smile:"></p>'
|
||||
end
|
||||
|
||||
it "does not use CDN when login is required" do
|
||||
SiteSetting.login_required = true
|
||||
Rails.configuration.action_controller.stubs(:asset_host).returns("http://my.cdn.com")
|
||||
cpp.optimize_urls
|
||||
expect(cpp.html).to match_html '<p><a href="//my.cdn.com/uploads/default/2/2345678901234567.jpg">Link</a><br><img src="//my.cdn.com/uploads/default/1/1234567890123456.jpg"><br><a href="http://www.google.com" rel="nofollow">Google</a><br><img src="http://foo.bar/image.png"><br><a class="attachment" href="//test.localhost/uploads/default/original/1X/af2c2618032c679333bebf745e75f9088748d737.txt">text.txt</a> (20 Bytes)<br><img src="//my.cdn.com/images/emoji/emoji_one/smile.png?v=3" title=":smile:" class="emoji" alt=":smile:"></p>'
|
||||
expect(cpp.html).to match_html '<p><a href="//my.cdn.com/uploads/default/2/2345678901234567.jpg">Link</a><br><img src="//my.cdn.com/uploads/default/1/1234567890123456.jpg"><br><a href="http://www.google.com" rel="nofollow noopener noreferrer">Google</a><br><img src="http://foo.bar/image.png"><br><a class="attachment" href="//test.localhost/uploads/default/original/1X/af2c2618032c679333bebf745e75f9088748d737.txt">text.txt</a> (20 Bytes)<br><img src="//my.cdn.com/images/emoji/emoji_one/smile.png?v=3" title=":smile:" class="emoji" alt=":smile:"></p>'
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -77,7 +77,7 @@ HTML
|
|||
end
|
||||
|
||||
it "should inject nofollow in all user provided links" do
|
||||
expect(PrettyText.cook('<a href="http://cnn.com">cnn</a>')).to match(/nofollow/)
|
||||
expect(PrettyText.cook('<a href="http://cnn.com">cnn</a>')).to match(/nofollow noopener noreferrer/)
|
||||
end
|
||||
|
||||
it "should not inject nofollow in all local links" do
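Review bot: The updated expectation `match(/nofollow noopener noreferrer/)` pins the exact token order and spacing of the `rel` value, and the example name still mentions only nofollow. Nothing visible in this commit exercises the `rescue URI::InvalidURIError, URI::InvalidComponentError` branch that received the same change, so a regression there would go unnoticed. An example that cooks a link whose href fails URI parsing and asserts the same `rel` value would cover it. The same stale wording applies to the two `Post` examples that now match `/nofollow noopener noreferrer/`. The `it` block that opens on this hunk's last line continues outside it.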
|
||||
|
|
|
@ -200,7 +200,7 @@ describe PostAnalyzer do
|
|||
|
||||
it "ignores oneboxes" do
|
||||
post_analyzer = PostAnalyzer.new("Hello @Jake\n#{url}", default_topic_id)
|
||||
post_analyzer.stubs(:cook).returns("<p>Hello <span class=\"mention\">@Jake</span><br><a href=\"https://twitter.com/evil_trout/status/345954894420787200\" class=\"onebox\" target=\"_blank\" rel=\"nofollow\">@Finn</a></p>")
|
||||
post_analyzer.stubs(:cook).returns("<p>Hello <span class=\"mention\">@Jake</span><br><a href=\"https://twitter.com/evil_trout/status/345954894420787200\" class=\"onebox\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">@Finn</a></p>")
|
||||
expect(post_analyzer.raw_mentions).to eq(['jake'])
|
||||
end
|
||||
|
||||
|
|
|
@ -812,7 +812,7 @@ describe Post do
|
|||
it "should add nofollow to links in the post for trust levels below 3" do
|
||||
post.user.trust_level = 2
|
||||
post.save
|
||||
expect(post.cooked).to match(/nofollow/)
|
||||
expect(post.cooked).to match(/nofollow noopener noreferrer/)
|
||||
end
|
||||
|
||||
it "when tl3_links_no_follow is false, should not add nofollow for trust level 3 and higher" do
|
||||
|
@ -826,7 +826,7 @@ describe Post do
|
|||
SiteSetting.stubs(:tl3_links_no_follow).returns(true)
|
||||
post.user.trust_level = 3
|
||||
post.save
|
||||
expect(post.cooked).to match(/nofollow/)
|
||||
expect(post.cooked).to match(/nofollow noopener noreferrer/)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -121,8 +121,8 @@ describe UserProfile do
|
|||
|
||||
it 'includes the link as nofollow if the user is not new' do
|
||||
user.user_profile.send(:cook)
|
||||
expect(user_profile.bio_excerpt).to match_html("I love <a href='http://discourse.org' rel='nofollow'>http://discourse.org</a>")
|
||||
expect(user_profile.bio_processed).to match_html("<p>I love <a href=\"http://discourse.org\" rel=\"nofollow\">http://discourse.org</a></p>")
|
||||
expect(user_profile.bio_excerpt).to match_html("I love <a href='http://discourse.org' rel='nofollow noopener noreferrer'>http://discourse.org</a>")
|
||||
expect(user_profile.bio_processed).to match_html("<p>I love <a href=\"http://discourse.org\" rel=\"nofollow noopener noreferrer\">http://discourse.org</a></p>")
|
||||
end
|
||||
|
||||
it 'removes the link if the user is new' do
|
||||
|
@ -160,8 +160,8 @@ describe UserProfile do
|
|||
created_user.save
|
||||
created_user.reload
|
||||
created_user.change_trust_level!(TrustLevel[2])
|
||||
expect(created_user.user_profile.bio_excerpt).to match_html("I love <a href='http://discourse.org' rel='nofollow'>http://discourse.org</a>")
|
||||
expect(created_user.user_profile.bio_processed).to match_html("<p>I love <a href=\"http://discourse.org\" rel=\"nofollow\">http://discourse.org</a></p>")
|
||||
expect(created_user.user_profile.bio_excerpt).to match_html("I love <a href='http://discourse.org' rel='nofollow noopener noreferrer'>http://discourse.org</a>")
|
||||
expect(created_user.user_profile.bio_processed).to match_html("<p>I love <a href=\"http://discourse.org\" rel=\"nofollow noopener noreferrer\">http://discourse.org</a></p>")
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -171,8 +171,8 @@ describe UserProfile do
|
|||
it 'includes the link with nofollow if the user is trust level 3 or higher' do
|
||||
user.trust_level = TrustLevel[3]
|
||||
user_profile.send(:cook)
|
||||
expect(user_profile.bio_excerpt).to match_html("I love <a href='http://discourse.org' rel='nofollow'>http://discourse.org</a>")
|
||||
expect(user_profile.bio_processed).to match_html("<p>I love <a href=\"http://discourse.org\" rel=\"nofollow\">http://discourse.org</a></p>")
|
||||
expect(user_profile.bio_excerpt).to match_html("I love <a href='http://discourse.org' rel='nofollow noopener noreferrer'>http://discourse.org</a>")
|
||||
expect(user_profile.bio_processed).to match_html("<p>I love <a href=\"http://discourse.org\" rel=\"nofollow noopener noreferrer\">http://discourse.org</a></p>")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|