mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-22 08:21:52 +00:00
Code Releases Activity

Don't add nofollow for matching hosts, generalize this code.

Browse Source 
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
This commit is contained in:
Edward Z. Yang 2011-06-12 10:59:27 +01:00
parent 856a5e5b89
commit 32c0ffde0c
4 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@ -17,6 +17,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
- Explicitly initialize anonModule variable to null. - Explicitly initialize anonModule variable to null.
- Do not duplicate nofollow if already present. Thanks 178 - Do not duplicate nofollow if already present. Thanks 178
for reporting. for reporting.
- Do not add nofollow if hostname matches our current host. Thanks 178
for reporting, and Neike Taika-Tessaro for helping diagnose.
4.3.0, released 2011-03-27 4.3.0, released 2011-03-27
# Fixed broken caching of customized raw definitions, but requires an # Fixed broken caching of customized raw definitions, but requires an

2
library/HTMLPurifier/AttrTransform/Nofollow.php
View File

@ -24,7 +24,7 @@ class HTMLPurifier_AttrTransform_Nofollow extends HTMLPurifier_AttrTransform
$url = $this->parser->parse($attr['href']); $url = $this->parser->parse($attr['href']);
$scheme = $url->getSchemeObj($config, $context); $scheme = $url->getSchemeObj($config, $context);
if (!is_null($url->host) && $scheme !== false && $scheme->browsable) { if ($scheme->browsable && !$url->isLocal($config, $context)) {
if (isset($attr['rel'])) { if (isset($attr['rel'])) {
$rels = explode(' ', $attr); $rels = explode(' ', $attr);
if (!in_array('nofollow', $rels)) { if (!in_array('nofollow', $rels)) {

15
library/HTMLPurifier/URI.php
View File

@ -199,6 +199,21 @@ class HTMLPurifier_URI
return $result; return $result;
} }
/**
* Returns true if this URL might be considered a 'local' URL given
* the current context. This is true when the host is null, or
* when it matches the host supplied to the configuration.
*
* Note that this does not do any scheme checking (URI.Munge, I'm
* looking at you).
*/
public function isLocal($config, $context) {
if ($this->host === null) return true;
$uri_def = $config->getDefinition('URI');
if ($uri_def->host === $this->host) return true;
return false;
}
} }
// vim: et sw=4 sts=4 // vim: et sw=4 sts=4

9
library/HTMLPurifier/URIFilter/Munge.php
View File

@ -20,12 +20,11 @@ class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
$scheme_obj = $uri->getSchemeObj($config, $context); $scheme_obj = $uri->getSchemeObj($config, $context);
if (!$scheme_obj) return true; // ignore unknown schemes, maybe another postfilter did it if (!$scheme_obj) return true; // ignore unknown schemes, maybe another postfilter did it
if (is_null($uri->host) || empty($scheme_obj->browsable)) { if (!$scheme_obj->browsable) return true; // ignore non-browseable schemes
return true;
}
$uri_definition = $config->getDefinition('URI');
// don't redirect if target host is our host // don't redirect if target host is our host
if ($uri->host === $uri_definition->host) { if ($uri->isLocal($config, $context)) {
$uri_definition = $config->getDefinition('URI');
// but do redirect if we're currently on a secure scheme, // but do redirect if we're currently on a secure scheme,
// and the target scheme is insecure // and the target scheme is insecure
$current_scheme_obj = HTMLPurifier_URISchemeRegistry::instance()->getScheme($uri_definition->defaultScheme, $config, $context); $current_scheme_obj = HTMLPurifier_URISchemeRegistry::instance()->getScheme($uri_definition->defaultScheme, $config, $context);