Add noopener and noreferer to links in user generated content
authorTom Hughes <tom@compton.nu>
Wed, 9 Jan 2019 18:00:47 +0000 (18:00 +0000)
committerTom Hughes <tom@compton.nu>
Wed, 16 Jan 2019 10:10:51 +0000 (10:10 +0000)
config/initializers/sanitize.rb
lib/rich_text.rb
test/lib/rich_text_test.rb

index 240f1e3..c7b7b33 100644 (file)
@@ -1,5 +1,5 @@
 Sanitize::Config::OSM = Sanitize::Config::RELAXED.dup
 
 Sanitize::Config::OSM[:elements] -= %w[div style]
-Sanitize::Config::OSM[:add_attributes] = { "a" => { "rel" => "nofollow" } }
+Sanitize::Config::OSM[:add_attributes] = { "a" => { "rel" => "nofollow noopener noreferer" } }
 Sanitize::Config::OSM[:remove_contents] = %w[script style]
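Review bot: The link type added on the new `add_attributes` line is spelled `noreferer`, but the HTML keyword is `noreferrer` (double r, unlike the HTTP `Referer` header). Browsers ignore unknown rel tokens, so links in sanitized user content would still send the referrer; `noopener` is spelled correctly and still takes effect. The value should be `"rel" => "nofollow noopener noreferrer"`. The same misspelling is in both `Rinku.auto_link` calls in lib/rich_text.rb and in every updated `assert_select` in test/lib/rich_text_test.rb, so the tests pass while pinning the wrong token.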
index 5b0faae..2b3e07d 100644 (file)
@@ -61,9 +61,9 @@ module RichText
 
     def linkify(text, mode = :urls)
       if text.html_safe?
-        Rinku.auto_link(text, mode, tag_builder.tag_options(:rel => "nofollow")).html_safe
+        Rinku.auto_link(text, mode, tag_builder.tag_options(:rel => "nofollow noopener noreferer")).html_safe
       else
-        Rinku.auto_link(text, mode, tag_builder.tag_options(:rel => "nofollow"))
+        Rinku.auto_link(text, mode, tag_builder.tag_options(:rel => "nofollow noopener noreferer"))
       end
     end
   end
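Review bot: The rel string is repeated verbatim in both branches of `linkify`, which differ only in the trailing `.html_safe`, so any correction to the token list has to be made twice here and again in the Sanitize config. Building the attributes once before the `if`, e.g. `link_attr = tag_builder.tag_options(:rel => "nofollow noopener noreferrer")` (with the keyword spelled `noreferrer`), and passing `link_attr` to both calls keeps the branches in step. A one-line comment such as `# noopener: linked page gets no window.opener handle; noreferrer: no Referer sent` would record why the tokens are there.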
index 74d396b..e1603fb 100644 (file)
@@ -8,14 +8,14 @@ class RichTextTest < ActiveSupport::TestCase
     assert_html r do
       assert_select "a", 1
       assert_select "a[href='http://example.com/']", 1
-      assert_select "a[rel='nofollow']", 1
+      assert_select "a[rel='nofollow noopener noreferer']", 1
     end
 
     r = RichText.new("html", "foo <a href='http://example.com/'>bar</a> baz")
     assert_html r do
       assert_select "a", 1
       assert_select "a[href='http://example.com/']", 1
-      assert_select "a[rel='nofollow']", 1
+      assert_select "a[rel='nofollow noopener noreferer']", 1
     end
 
     r = RichText.new("html", "foo example@example.com bar")
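Review bot: The updated assertions match the whole attribute string, `a[rel='nofollow noopener noreferer']`, so they are tied to token order and cannot tell a recognised link type from an unrecognised one. Word-match selectors check each token on its own, e.g. `assert_select "a[rel~='noopener']", 1` next to `assert_select "a[rel~='nofollow']", 1`. The same pattern is in the later hunks of this file. The enclosing test method starts and ends outside the hunk.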
@@ -27,7 +27,7 @@ class RichTextTest < ActiveSupport::TestCase
     assert_html r do
       assert_select "a", 1
       assert_select "a[href='mailto:example@example.com']", 1
-      assert_select "a[rel='nofollow']", 1
+      assert_select "a[rel='nofollow noopener noreferer']", 1
     end
 
     r = RichText.new("html", "foo <div>bar</div> baz")
@@ -64,28 +64,28 @@ class RichTextTest < ActiveSupport::TestCase
     assert_html r do
       assert_select "a", 1
       assert_select "a[href='http://example.com/']", 1
-      assert_select "a[rel='nofollow']", 1
+      assert_select "a[rel='nofollow noopener noreferer']", 1
     end
 
     r = RichText.new("markdown", "foo [bar](http://example.com/) baz")
     assert_html r do
       assert_select "a", 1
       assert_select "a[href='http://example.com/']", 1
-      assert_select "a[rel='nofollow']", 1
+      assert_select "a[rel='nofollow noopener noreferer']", 1
     end
 
     r = RichText.new("markdown", "foo example@example.com bar")
     assert_html r do
       assert_select "a", 1
       assert_select "a[href='mailto:example@example.com']", 1
-      assert_select "a[rel='nofollow']", 1
+      assert_select "a[rel='nofollow noopener noreferer']", 1
     end
 
     r = RichText.new("markdown", "foo [bar](mailto:example@example.com) bar")
     assert_html r do
       assert_select "a", 1
       assert_select "a[href='mailto:example@example.com']", 1
-      assert_select "a[rel='nofollow']", 1
+      assert_select "a[rel='nofollow noopener noreferer']", 1
     end
 
     r = RichText.new("markdown", "foo ![bar](http://example.com/example.png) bar")
@@ -162,7 +162,7 @@ class RichTextTest < ActiveSupport::TestCase
     assert_html r do
       assert_select "a", 1
       assert_select "a[href='http://example.com/']", 1
-      assert_select "a[rel='nofollow']", 1
+      assert_select "a[rel='nofollow noopener noreferer']", 1
     end
 
     r = RichText.new("text", "foo example@example.com bar")