Use noreferrer when linkifying attachments and allow this value in purifier

This commit is contained in:
Thomas Karpiniec 2016-06-09 19:56:36 +10:00
parent bd306bdb9f
commit c1537a1e82

View File

@ -594,7 +594,7 @@ function common_purify($html, array $args=array())
*
* Source: http://microformats.org/wiki/rel
*/
$cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag']);
$cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag', 'noreferrer']);
$cfg->set('HTML.ForbiddenAttributes', array('style')); // id, on* etc. are already filtered by default
$cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true));
if (isset($args['URI.Base'])) {
@ -1140,6 +1140,15 @@ function common_linkify($url) {
}
}
// Whether to nofollow
$nf = common_config('nofollow', 'external');
if ($nf == 'never') {
$attrs['rel'] = 'external';
} else {
$attrs['rel'] = 'nofollow external';
}
// Add clippy
if ($is_attachment) {
$attrs['class'] = 'attachment';
@ -1147,16 +1156,7 @@ function common_linkify($url) {
$attrs['class'] = 'attachment thumbnail';
}
$attrs['id'] = "attachment-{$attachment_id}";
}
// Whether to nofollow
$nf = common_config('nofollow', 'external');
if ($nf == 'never') {
$attrs['rel'] = 'external';
} else {
$attrs['rel'] = 'nofollow external';
$attrs['rel'] .= ' noreferrer';
}
return XMLStringer::estring('a', $attrs, $url);