From 2ff74989c7a5e7281ec301fcb51e2bb0f9d07f60 Mon Sep 17 00:00:00 2001
From: Cameron Ball
Date: Mon, 15 Feb 2016 12:59:20 +0800
Subject: [PATCH] Implement HTML.Noreferrer.
---
 library/HTMLPurifier.includes.php | 2 +
 library/HTMLPurifier.safe-includes.php | 2 +
 .../HTMLPurifier/AttrTransform/Noreferrer.php | 42 ++++++++++++++++++
 library/HTMLPurifier/ConfigSchema/schema.ser | Bin 15398 -> 15479 bytes
 .../ConfigSchema/schema/HTML.Noreferrer.txt | 7 +++
 .../HTMLPurifier/HTMLModule/Noreferrer.php | 21 +++++++++
 library/HTMLPurifier/HTMLModuleManager.php | 3 ++
 7 files changed, 77 insertions(+)
 create mode 100644 library/HTMLPurifier/AttrTransform/Noreferrer.php
 create mode 100644 library/HTMLPurifier/ConfigSchema/schema/HTML.Noreferrer.txt
 create mode 100644 library/HTMLPurifier/HTMLModule/Noreferrer.php
diff --git a/library/HTMLPurifier.includes.php b/library/HTMLPurifier.includes.php
index fdb58c2d..de8d82d2 100644
--- a/library/HTMLPurifier.includes.php
+++ b/library/HTMLPurifier.includes.php
@@ -132,6 +132,7 @@ require 'HTMLPurifier/AttrTransform/Length.php';
 require 'HTMLPurifier/AttrTransform/Name.php';
 require 'HTMLPurifier/AttrTransform/NameSync.php';
 require 'HTMLPurifier/AttrTransform/Nofollow.php';
+require 'HTMLPurifier/AttrTransform/Noreferrer.php';
 require 'HTMLPurifier/AttrTransform/SafeEmbed.php';
 require 'HTMLPurifier/AttrTransform/SafeObject.php';
 require 'HTMLPurifier/AttrTransform/SafeParam.php';
@@ -163,6 +164,7 @@ require 'HTMLPurifier/HTMLModule/List.php';
 require 'HTMLPurifier/HTMLModule/Name.php';
 require 'HTMLPurifier/HTMLModule/Nofollow.php';
 require 'HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php';
+require 'HTMLPurifier/HTMLModule/Noreferrer.php';
 require 'HTMLPurifier/HTMLModule/Object.php';
 require 'HTMLPurifier/HTMLModule/Presentation.php';
 require 'HTMLPurifier/HTMLModule/Proprietary.php';
diff --git a/library/HTMLPurifier.safe-includes.php b/library/HTMLPurifier.safe-includes.php
index 9dea6d1e..0f1e7ebb 100644
--- a/library/HTMLPurifier.safe-includes.php
+++ b/library/HTMLPurifier.safe-includes.php
@@ -126,6 +126,7 @@ require_once $__dir . '/HTMLPurifier/AttrTransform/Length.php';
 require_once $__dir . '/HTMLPurifier/AttrTransform/Name.php';
 require_once $__dir . '/HTMLPurifier/AttrTransform/NameSync.php';
 require_once $__dir . '/HTMLPurifier/AttrTransform/Nofollow.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Noreferrer.php';
 require_once $__dir . '/HTMLPurifier/AttrTransform/SafeEmbed.php';
 require_once $__dir . '/HTMLPurifier/AttrTransform/SafeObject.php';
 require_once $__dir . '/HTMLPurifier/AttrTransform/SafeParam.php';
@@ -157,6 +158,7 @@ require_once $__dir . '/HTMLPurifier/HTMLModule/List.php';
 require_once $__dir . '/HTMLPurifier/HTMLModule/Name.php';
 require_once $__dir . '/HTMLPurifier/HTMLModule/Nofollow.php';
 require_once $__dir . '/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Noreferrer.php';
 require_once $__dir . '/HTMLPurifier/HTMLModule/Object.php';
 require_once $__dir . '/HTMLPurifier/HTMLModule/Presentation.php';
 require_once $__dir . '/HTMLPurifier/HTMLModule/Proprietary.php';
diff --git a/library/HTMLPurifier/AttrTransform/Noreferrer.php b/library/HTMLPurifier/AttrTransform/Noreferrer.php
new file mode 100644
index 00000000..e877408c
--- /dev/null
+++ b/library/HTMLPurifier/AttrTransform/Noreferrer.php
@@ -0,0 +1,42 @@
+parser = new HTMLPurifier_URIParser();
+ }
+
+ /**
+ * @param array $attr
+ * @param HTMLPurifier_Config $config
+ * @param HTMLPurifier_Context $context
+ * @return array
+ */
+ public function transform($attr, $config, $context)
+ {
+ // Nothing to do If we already have noreferrer in the rel attribute
+ if (!empty($attr['rel']) && substr($attr['rel'], 'noreferrer') !== false) {
+ return $attr;
+ }
+
+ // If _blank target attribute exists, add rel=noreferrer
+ if (!empty($attr['target']) && $attr['target'] == '_blank') {
+ $attr['rel'] = !empty($attr['rel']) ? $attr['rel'] . ' noreferrer' : 'noreferrer';
+ }
+
+ return $attr;
+ }
+}
+
diff --git a/library/HTMLPurifier/ConfigSchema/schema.ser b/library/HTMLPurifier/ConfigSchema/schema.ser
index 30785dcf52c6e4c95a489d008d6213b8653e5fcb..0a42627c40b3050301b3de69571bbccf402cb2b6 100644
GIT binary patch delta 105 zcmZ2h@x5Y#Iium^gQ~I{LqG8fnOZ4%g!uaC`Q;a-rll4Yr50_r<2%WMUj?7yCKg7M Q%?DMJ1+W<)ZN|+80M~LP2><{9 delta 55 zcmexfv8-Z(IitZw3x2-IrDg(~V-+)4Cf^eBKoOeB!e~6vLUyx=nw!ApQZptt02w6_ AQ~&?~
diff --git a/library/HTMLPurifier/ConfigSchema/schema/HTML.Noreferrer.txt b/library/HTMLPurifier/ConfigSchema/schema/HTML.Noreferrer.txt
new file mode 100644
index 00000000..5389ffe7
--- /dev/null
+++ b/library/HTMLPurifier/ConfigSchema/schema/HTML.Noreferrer.txt
@@ -0,0 +1,7 @@
+HTML.Noreferrer
+TYPE: bool
+VERSION: 4.3.0
+DEFAULT: FALSE
+--DESCRIPTION--
+If enabled, noreferrer rel attributes are added to all outgoing links.
+--# vim: et sw=4 sts=4
diff --git a/library/HTMLPurifier/HTMLModule/Noreferrer.php b/library/HTMLPurifier/HTMLModule/Noreferrer.php
new file mode 100644
index 00000000..3f9a76e1
--- /dev/null
+++ b/library/HTMLPurifier/HTMLModule/Noreferrer.php
@@ -0,0 +1,21 @@
+addBlankElement('a');
+ $a->attr_transform_post[] = new HTMLPurifier_AttrTransform_Noreferrer();
+ }
+}
\ No newline at end of file
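Review bot: In library/HTMLPurifier/AttrTransform/Noreferrer.php, the early-return check in `transform()` calls `substr($attr['rel'], 'noreferrer')`, but the second argument of `substr()` is an integer offset, so this is not a substring search. On PHP 5 and 7 the call emits a warning and returns null, which makes `!== false` true for any non-empty `rel`; a link such as `rel="nofollow" target="_blank"` would then leave the purifier without `noreferrer`, and PHP 8 raises a TypeError instead. The check should read `if (!empty($attr['rel']) && strpos($attr['rel'], 'noreferrer') !== false) {`, ideally matching whole space-separated tokens rather than a substring. The `$this->parser` assigned in the constructor is not used by the visible `transform()` body; the top of the file is not shown on this page, so that observation may be incomplete.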
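Review bot: The description in library/HTMLPurifier/ConfigSchema/schema/HTML.Noreferrer.txt promises `noreferrer` on all outgoing links, but the transform added in this patch only touches anchors whose `target` is `_blank`. Anyone enabling the directive to stop referrer leakage on every external link would get less protection than the text states. Either narrow the wording, for example `If enabled, rel="noreferrer" is added to links that have target="_blank".`, or extend the transform to cover the documented scope.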
diff --git a/library/HTMLPurifier/HTMLModuleManager.php b/library/HTMLPurifier/HTMLModuleManager.php
index f3a17cb0..44406688 100644
--- a/library/HTMLPurifier/HTMLModuleManager.php
+++ b/library/HTMLPurifier/HTMLModuleManager.php
@@ -268,6 +268,9 @@ class HTMLPurifier_HTMLModuleManager
 if ($config->get('HTML.Nofollow')) {
 $modules[] = 'Nofollow';
 }
+ if ($config->get('HTML.Noreferrer')) {
+ $modules[] = 'Noreferrer';
+ }
 if ($config->get('HTML.TargetBlank')) {
 $modules[] = 'TargetBlank';
 }
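Review bot: The Noreferrer module is appended to `$modules` before TargetBlank, while the transform added in this patch only acts when `target` is already `_blank`. If post-attribute transforms run in module registration order (not visible in this hunk), links that get `target="_blank"` from HTML.TargetBlank would pass through Noreferrer first and come out without `rel="noreferrer"`. Consider moving the new `if ($config->get('HTML.Noreferrer'))` block below the TargetBlank block, with a comment such as `// Must be registered after TargetBlank so the post-transform sees the injected target`. The enclosing method starts and ends outside the hunk.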