From cd978fa15356429ebc867493f69172cdd23b2f47 Mon Sep 17 00:00:00 2001
From: Mikael Nordfeldth
Date: Sun, 28 Feb 2016 13:16:52 +0100
Subject: [PATCH] Edited the list of allowed rel values
---
 lib/util.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/lib/util.php b/lib/util.php
index 9f9b3f66d4..c175c6e9ae 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -585,7 +585,15 @@ function common_purify($html, array $args=array())
 require_once INSTALLDIR.'/extlib/HTMLPurifier/HTMLPurifier.auto.php';
 $cfg = HTMLPurifier_Config::createDefault();
- $cfg->set('Attr.AllowedRel', ['bookmark', 'directory', 'enclosure', 'home', 'license', 'nofollow', 'payment', 'tag']); // http://microformats.org/wiki/rel
+ /**
+ * rel values that should be avoided since they can be used to infer
+ * information about the _current_ page, not the h-entry:
+ *
+ * directory, home, license, payment
+ *
+ * Source: http://microformats.org/wiki/rel
+ */
+ $cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag']);
 $cfg->set('HTML.ForbiddenAttributes', array('style')); // id, on* etc. are already filtered by default
 $cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true));
 if (isset($args['URI.Base'])) {
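Review bot: The new explanatory comment in front of the `$cfg->set('Attr.AllowedRel', ...)` call is written as a `/** ... */` PHPDoc block, but docblocks belong on declarations; placed before an ordinary statement, documentation tooling and IDEs may attach it to the next symbol or report it as misplaced, so a plain `/* ... */` or `//` comment is the conventional form here. The comment also explains only which values were dropped and why; a reader of the allowlist would benefit from one line stating what the four kept values are for, e.g. `// keep only rel values that describe the linked resource itself, not the page hosting the h-entry`. Since the list is a security allowlist for user-supplied markup, stating that intent next to it makes it less likely that a future change re-adds a page-level relation without noticing the distinction. common_purify() begins and ends outside this hunk.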