diff --git a/library/HTMLPurifier.includes.php b/library/HTMLPurifier.includes.php
index fdb58c2d..de8d82d2 100644
--- a/library/HTMLPurifier.includes.php
+++ b/library/HTMLPurifier.includes.php
@@ -132,6 +132,7 @@ require 'HTMLPurifier/AttrTransform/Length.php';
 require 'HTMLPurifier/AttrTransform/Name.php';
 require 'HTMLPurifier/AttrTransform/NameSync.php';
 require 'HTMLPurifier/AttrTransform/Nofollow.php';
+require 'HTMLPurifier/AttrTransform/Noreferrer.php';
 require 'HTMLPurifier/AttrTransform/SafeEmbed.php';
 require 'HTMLPurifier/AttrTransform/SafeObject.php';
 require 'HTMLPurifier/AttrTransform/SafeParam.php';
@@ -163,6 +164,7 @@ require 'HTMLPurifier/HTMLModule/List.php';
 require 'HTMLPurifier/HTMLModule/Name.php';
 require 'HTMLPurifier/HTMLModule/Nofollow.php';
 require 'HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php';
+require 'HTMLPurifier/HTMLModule/Noreferrer.php';
 require 'HTMLPurifier/HTMLModule/Object.php';
 require 'HTMLPurifier/HTMLModule/Presentation.php';
 require 'HTMLPurifier/HTMLModule/Proprietary.php';
diff --git a/library/HTMLPurifier.safe-includes.php b/library/HTMLPurifier.safe-includes.php
index 9dea6d1e..0f1e7ebb 100644
--- a/library/HTMLPurifier.safe-includes.php
+++ b/library/HTMLPurifier.safe-includes.php
@@ -126,6 +126,7 @@ require_once $__dir . '/HTMLPurifier/AttrTransform/Length.php';
 require_once $__dir . '/HTMLPurifier/AttrTransform/Name.php';
 require_once $__dir . '/HTMLPurifier/AttrTransform/NameSync.php';
 require_once $__dir . '/HTMLPurifier/AttrTransform/Nofollow.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Noreferrer.php';
 require_once $__dir . '/HTMLPurifier/AttrTransform/SafeEmbed.php';
 require_once $__dir . '/HTMLPurifier/AttrTransform/SafeObject.php';
 require_once $__dir . '/HTMLPurifier/AttrTransform/SafeParam.php';
@@ -157,6 +158,7 @@ require_once $__dir . '/HTMLPurifier/HTMLModule/List.php';
 require_once $__dir . '/HTMLPurifier/HTMLModule/Name.php';
 require_once $__dir . '/HTMLPurifier/HTMLModule/Nofollow.php';
 require_once $__dir . '/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Noreferrer.php';
 require_once $__dir . '/HTMLPurifier/HTMLModule/Object.php';
 require_once $__dir . '/HTMLPurifier/HTMLModule/Presentation.php';
 require_once $__dir . '/HTMLPurifier/HTMLModule/Proprietary.php';
diff --git a/library/HTMLPurifier/AttrTransform/Noreferrer.php b/library/HTMLPurifier/AttrTransform/Noreferrer.php
new file mode 100644
index 00000000..e877408c
--- /dev/null
+++ b/library/HTMLPurifier/AttrTransform/Noreferrer.php
@@ -0,0 +1,42 @@
+parser = new HTMLPurifier_URIParser();
+ }
+
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
+ // Nothing to do If we already have noreferrer in the rel attribute
+ if (!empty($attr['rel']) && substr($attr['rel'], 'noreferrer') !== false) {
+ return $attr;
+ }
+
+ // If _blank target attribute exists, add rel=noreferrer
+ if (!empty($attr['target']) && $attr['target'] == '_blank') {
+ $attr['rel'] = !empty($attr['rel']) ? $attr['rel'] . ' noreferrer' : 'noreferrer';
+ }
+
+ return $attr;
+ }
+}
+
diff --git a/library/HTMLPurifier/ConfigSchema/schema.ser b/library/HTMLPurifier/ConfigSchema/schema.ser
index 30785dcf..0a42627c 100644
Binary files a/library/HTMLPurifier/ConfigSchema/schema.ser and b/library/HTMLPurifier/ConfigSchema/schema.ser differ
diff --git a/library/HTMLPurifier/ConfigSchema/schema/HTML.Noreferrer.txt b/library/HTMLPurifier/ConfigSchema/schema/HTML.Noreferrer.txt
new file mode 100644
index 00000000..5389ffe7
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/HTML.Noreferrer.txt
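Review bot: The early-return guard in transform() calls `substr($attr['rel'], 'noreferrer')`, but substr() takes an integer offset and never searches, so comparing its result with `false` does not test for an existing token. Depending on the PHP version this either raises a type error or makes the guard true for every non-empty rel, so a `target="_blank"` link that already has, say, `rel="nofollow"` is returned without noreferrer. Treat rel as a whitespace-separated token list instead, for example `$rels = preg_split('/\s+/', strtolower(trim($attr['rel'])));` followed by `if (in_array('noreferrer', $rels, true)) { return $attr; }`. The `== '_blank'` comparison is also case-sensitive, while browsers match target keywords case-insensitively, so the target value should be lower-cased before comparing. The class header and the start of the constructor are not visible in this hunk as shown; transform() never reads the `parser` the constructor sets, so it is worth checking whether it is needed.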
@@ -0,0 +1,7 @@
+HTML.Noreferrer
+TYPE: bool
+VERSION: 4.3.0
+DEFAULT: FALSE
+--DESCRIPTION--
+If enabled, noreferrer rel attributes are added to all outgoing links.
+--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/HTMLModule/Noreferrer.php b/library/HTMLPurifier/HTMLModule/Noreferrer.php
new file mode 100644
index 00000000..3f9a76e1
--- /dev/null
+++ b/library/HTMLPurifier/HTMLModule/Noreferrer.php
@@ -0,0 +1,21 @@
+addBlankElement('a');
+ $a->attr_transform_post[] = new HTMLPurifier_AttrTransform_Noreferrer();
+ }
+}
\ No newline at end of file
diff --git a/library/HTMLPurifier/HTMLModuleManager.php b/library/HTMLPurifier/HTMLModuleManager.php
index f3a17cb0..44406688 100644
--- a/library/HTMLPurifier/HTMLModuleManager.php
+++ b/library/HTMLPurifier/HTMLModuleManager.php
@@ -268,6 +268,9 @@ class HTMLPurifier_HTMLModuleManager
 if ($config->get('HTML.Nofollow')) {
 $modules[] = 'Nofollow';
 }
+ if ($config->get('HTML.Noreferrer')) {
+ $modules[] = 'Noreferrer';
+ }
 if ($config->get('HTML.TargetBlank')) {
 $modules[] = 'TargetBlank';
 }
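Review bot: The description promises more than the transform in this commit delivers: it says noreferrer is "added to all outgoing links", while HTMLPurifier_AttrTransform_Noreferrer only touches anchors that already carry `target="_blank"` and does no host comparison. An operator who enables HTML.Noreferrer expecting every external link to be covered would still leak referrers on ordinary links. Either reword the description, e.g. `If enabled, rel="noreferrer" is added to links that open in a new window (target="_blank").`, or widen the transform to match the text.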
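Review bot: Noreferrer is registered ahead of TargetBlank in this list, yet the Noreferrer transform only acts when `target` is already `_blank`. If post-transforms run in module registration order (not visible in this hunk), links that get their `target="_blank"` from the TargetBlank module would pass through Noreferrer first and come out without `rel="noreferrer"`, which is the main case the option exists for. Moving the new block below the TargetBlank one, `if ($config->get('HTML.Noreferrer')) { $modules[] = 'Noreferrer'; }`, with a comment such as `// must stay after HTML.TargetBlank so the transform sees target=_blank`, removes the ordering dependency. A test with both options enabled would pin the behaviour. The enclosing method starts and ends outside the hunk.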