diff options
| author | Robert Speicher <robert@gitlab.com> | 2016-04-21 23:49:41 +0300 |
|---|---|---|
| committer | Robert Speicher <rspeicher@gmail.com> | 2016-04-25 22:50:38 +0300 |
| commit | 6233e8be5c39c0c700fbecc384745066dde3551e (patch) | |
| tree | 8cc17f8639fe996bfcb87a42db6aec2dcda7a4a4 | |
| parent | 4c8388018237d3b917ef6fd1a7b1dd62b8f838df (diff) | |
Merge branch 'dev_issue_15331' into 'master'
Fixes window.opener bug
Adds `noreferrer` value to rel attribute for external links
REF: https://gitlab.com/gitlab-org/gitlab-ce/issues/15331
See merge request !1953
| -rw-r--r-- | lib/banzai/filter/external_link_filter.rb | 5 | ||||
| -rw-r--r-- | spec/features/markdown_spec.rb | 7 | ||||
| -rw-r--r-- | spec/lib/banzai/filter/external_link_filter_spec.rb | 10 |
3 files changed, 17 insertions, 5 deletions
diff --git a/lib/banzai/filter/external_link_filter.rb b/lib/banzai/filter/external_link_filter.rb index ac87b9820af..329de02da49 100644 --- a/lib/banzai/filter/external_link_filter.rb +++ b/lib/banzai/filter/external_link_filter.rb @@ -3,8 +3,7 @@ require 'html/pipeline/filter' module Banzai module Filter - # HTML Filter to add a `rel="nofollow"` attribute to external links - # + # HTML Filter to modify the attributes of external links class ExternalLinkFilter < HTML::Pipeline::Filter def call doc.search('a').each do |node| @@ -18,7 +17,7 @@ module Banzai # Skip internal links next if link.start_with?(internal_url) - node.set_attribute('rel', 'nofollow') + node.set_attribute('rel', 'nofollow noreferrer') end doc diff --git a/spec/features/markdown_spec.rb b/spec/features/markdown_spec.rb index fdd8cf07b12..755aca4d51e 100644 --- a/spec/features/markdown_spec.rb +++ b/spec/features/markdown_spec.rb @@ -165,7 +165,12 @@ describe 'GitLab Markdown', feature: true do describe 'ExternalLinkFilter' do it 'adds nofollow to external link' do link = doc.at_css('a:contains("Google")') - expect(link.attr('rel')).to match 'nofollow' + expect(link.attr('rel')).to include('nofollow') + end + + it 'adds noreferrer to external link' do + link = doc.at_css('a:contains("Google")') + expect(link.attr('rel')).to include('noreferrer') end it 'ignores internal link' do diff --git a/spec/lib/banzai/filter/external_link_filter_spec.rb b/spec/lib/banzai/filter/external_link_filter_spec.rb index e3a8e15330e..f4c5c621bd0 100644 --- a/spec/lib/banzai/filter/external_link_filter_spec.rb +++ b/spec/lib/banzai/filter/external_link_filter_spec.rb @@ -24,6 +24,14 @@ describe Banzai::Filter::ExternalLinkFilter, lib: true do doc = filter(act) expect(doc.at_css('a')).to have_attribute('rel') - expect(doc.at_css('a')['rel']).to eq 'nofollow' + expect(doc.at_css('a')['rel']).to include 'nofollow' + end + + it 'adds rel="noreferrer" to external links' do + act = %q(<a href="https://google.com/">Google</a>) + doc = filter(act) + + expect(doc.at_css('a')).to have_attribute('rel') + expect(doc.at_css('a')['rel']).to include 'noreferrer' end end |