]> source.dussan.org Git - redmine.git/commitdiff
Add rel="noopener" to all external links with a target attribute (#37713).
authorMarius Balteanu <marius.balteanu@zitec.com>
Mon, 26 Sep 2022 22:34:44 +0000 (22:34 +0000)
committerMarius Balteanu <marius.balteanu@zitec.com>
Mon, 26 Sep 2022 22:34:44 +0000 (22:34 +0000)
Patch by Jens Krämer.

git-svn-id: https://svn.redmine.org/redmine/trunk@21849 e93f8b46-1217-0410-a6f0-8f06a7374b81

lib/redmine/wiki_formatting/common_mark/external_links_filter.rb
test/unit/lib/redmine/wiki_formatting/common_mark/external_links_filter_test.rb

index 2aab08aa1262f0f2fce0b999c06e476e5fe124a7..68ece55bb0cc751566739c8ad48d300a320f2e6e 100644 (file)
@@ -43,6 +43,12 @@ module Redmine
               klass,
               (scheme == "mailto" ? "email" : "external")
             ].compact.join " "
+
+            if node["target"].present? && scheme != "mailto"
+              rel = node["rel"]&.split || []
+              rel << "noopener"
+              node["rel"] = rel.join(" ")
+            end
           end
           doc
         end
index d4b76c401c6c28cdf648725cb787779fd8cab1ea..f46f69c2ed5e17562d1e48ce5c0be8a10cc2281c 100644 (file)
@@ -50,5 +50,10 @@ if Object.const_defined?(:CommonMarker)
         filter(%(<a href="http://example.com/foo#bar#">Malformed URI</a>))
       end
     end
+
+    def test_external_links_with_target_get_rel_noopener
+      assert_equal %(<a target="_blank" href="http://example.net/" class="external" rel="noopener">link</a>), filter(%(<a target="_blank" href="http://example.net/">link</a>))
+      assert_equal %(<a target="_blank" href="http://example.net/" rel="nofollow noopener" class="external">link</a>), filter(%(<a target="_blank" href="http://example.net/" rel="nofollow">link</a>))
+    end
   end
 end