From 652050a87e373f367e3907f37e1c7669f0520337 Mon Sep 17 00:00:00 2001
From: Dennis Schubert
Date: Sun, 19 Jun 2016 03:48:29 +0200
Subject: [PATCH] Add rel="noopener noreferrer" to autolinks
---
.../javascripts/app/helpers/text_formatter.js | 5 +++--
lib/diaspora/markdownify/html.rb | 6 +++++-
.../app/helpers/text_formatter_spec.js | 15 +++++++--------
spec/lib/diaspora/markdownify_spec.rb | 17 +++++++++++++----
spec/lib/diaspora/message_renderer_spec.rb | 2 +-
5 files changed, 29 insertions(+), 16 deletions(-)
diff --git a/app/assets/javascripts/app/helpers/text_formatter.js b/app/assets/javascripts/app/helpers/text_formatter.js
index 93adee239..ea237832c 100644
--- a/app/assets/javascripts/app/helpers/text_formatter.js
+++ b/app/assets/javascripts/app/helpers/text_formatter.js
@@ -26,11 +26,12 @@
array[index][1] = attribute[1].replace(/^www\./, "http://www.");
}
});
- tokens[idx].attrPush([ "target", "_blank" ]);
+ tokens[idx].attrPush(["target", "_blank"]);
+ tokens[idx].attrPush(["rel", "noopener noreferrer"]);
});
md.use(inlinePlugin, "responsive_images", "image", function (tokens, idx) {
- tokens[idx].attrPush([ "class", "img-responsive" ]);
+ tokens[idx].attrPush(["class", "img-responsive"]);
});
var hashtagPlugin = window.markdownitHashtag;
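Review bot: `attrPush(["rel", "noopener noreferrer"])` appends a new attribute unconditionally, so a token that already carries a `rel` would end up with two. HTML parsers keep only the first occurrence of a duplicated attribute, which would silently drop `noopener noreferrer` from the rendered link. Whether anything earlier in this plugin chain sets `rel` is not visible in the hunk, and the enclosing callback starts outside it. If the bundled markdown-it version provides `attrJoin`, merging is more robust: `tokens[idx].attrJoin("rel", "noopener noreferrer");`. A comment such as `// target=_blank exposes window.opener to the linked page unless rel=noopener is set` would record why the two attributes must stay together.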
diff --git a/lib/diaspora/markdownify/html.rb b/lib/diaspora/markdownify/html.rb
index 04b2e8f16..a9c516869 100644
--- a/lib/diaspora/markdownify/html.rb
+++ b/lib/diaspora/markdownify/html.rb
@@ -4,7 +4,11 @@ module Diaspora
include ActionView::Helpers::TextHelper
def autolink link, type
- Twitter::Autolink.auto_link_urls(link, url_target: "_blank")
+ Twitter::Autolink.auto_link_urls(
+ link,
+ url_target: "_blank",
+ link_attribute_block: lambda {|_, attr| attr[:rel] += " noopener noreferrer" }
+ )
end
end
end
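Review bot: `attr[:rel] += " noopener noreferrer"` in the `link_attribute_block` lambda only works while the library has already stored a string under `:rel`. The new spec passing suggests that holds today, but if the value is ever nil (nofollow suppressed, or a library update that stops pre-populating it) `+=` raises NoMethodError and rendering fails. Building the value defensively avoids that: `attr[:rel] = [attr[:rel], "noopener", "noreferrer"].compact.join(" ")`. This hook covers autolinks only, and the rendering of explicit markdown links is not visible in this hunk, so if those also receive `target="_blank"` they presumably need the same `rel`. The module and class start outside the hunk.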
diff --git a/spec/javascripts/app/helpers/text_formatter_spec.js b/spec/javascripts/app/helpers/text_formatter_spec.js
index 2d778ad78..eca62cb4d 100644
--- a/spec/javascripts/app/helpers/text_formatter_spec.js
+++ b/spec/javascripts/app/helpers/text_formatter_spec.js
@@ -132,8 +132,11 @@ describe("app.helpers.textFormatter", function(){
expect(linkElement.attr("target")).toContain("_blank");
});
- expect(this.formatter('')).toContain('')).toContain('_blank');
+ expect(this.formatter("")).toContain("")).toContain("_blank");
+
+ expect(this.formatter("")).toContain("noopener");
+ expect(this.formatter("")).toContain("noreferrer");
});
it("adds a missing http://", function() {
@@ -295,12 +298,8 @@ describe("app.helpers.textFormatter", function(){
'https://foo.com!',
'ftp://example.org:8080'
];
- var results = [
- 'https://foo.com!
',
- 'ftp://example.org:8080
'
- ];
for (var i = 0; i < contents.length; i++) {
- expect(this.formatter(contents[i])).toContain(results[i]);
+ expect(this.formatter(contents[i])).toContain("oh, cool, nginx 1.7.9 supports json autoindexes: http://nginx.org/en/docs/http/ngx_http_autoindex_module.html#autoindex_format
'
+ 'oh, cool, nginx 1.7.9 supports json autoindexes: http://nginx.org/en/docs/http/ngx_http_autoindex_module.html#autoindex_format
'
];
for (var i = 0; i < contents.length; i++) {
expect(this.formatter(contents[i])).toContain(results[i]);
diff --git a/spec/lib/diaspora/markdownify_spec.rb b/spec/lib/diaspora/markdownify_spec.rb
index 143a62f31..161f88ff6 100644
--- a/spec/lib/diaspora/markdownify_spec.rb
+++ b/spec/lib/diaspora/markdownify_spec.rb
@@ -1,12 +1,12 @@
-require 'spec_helper'
+require "spec_helper"
describe Diaspora::Markdownify::HTML do
- describe '#autolink' do
+ describe "#autolink" do
before do
@html = Diaspora::Markdownify::HTML.new
end
- it 'should make all of the links open in a new tab' do
+ it "should make all of the links open in a new tab" do
markdownified = @html.autolink("http://joindiaspora.com", nil)
doc = Nokogiri.parse(markdownified)
@@ -14,5 +14,14 @@ describe Diaspora::Markdownify::HTML do
expect(link.attr("target").value).to eq("_blank")
end
+
+ it "should add noopener and noreferrer to autolinks' rel attributes" do
+ markdownified = @html.autolink("http://joindiaspora.com", nil)
+ doc = Nokogiri.parse(markdownified)
+
+ link = doc.css("a")
+
+ expect(link.attr("rel").value).to include("noopener", "noreferrer")
+ end
end
-end
\ No newline at end of file
+end
diff --git a/spec/lib/diaspora/message_renderer_spec.rb b/spec/lib/diaspora/message_renderer_spec.rb
index 5929480d4..9362c6fd0 100644
--- a/spec/lib/diaspora/message_renderer_spec.rb
+++ b/spec/lib/diaspora/message_renderer_spec.rb
@@ -169,7 +169,7 @@ describe Diaspora::MessageRenderer do
it 'should process text with both a hashtag and a link' do
expect(
message("Test #tag?\nhttps://joindiaspora.com\n").markdownified
- ).to eq %{Test #tag?
\nhttps://joindiaspora.com
\n}
+ ).to eq %{Test #tag?
\nhttps://joindiaspora.com
\n}
end
it 'should process text with a header' do