Preserve rel=me on links in rich text

Fixes #3859

diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index bb0d7750ade40e572ab2ee51c3235aef8c23dd99..62b5c6567faea559dbfb84127f92e06e14d145a8 100644 (file)
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -89,7 +89,7 @@ Minitest/EmptyLineBeforeAssertionMethods:
 
 # Offense count: 560
 Minitest/MultipleAssertions:
 
 # Offense count: 560
 Minitest/MultipleAssertions:

-  Max: 52
+  Max: 54

 
 # Offense count: 1
 # Configuration parameters: NamePrefix, ForbiddenPrefixes, AllowedMethods, MethodDefinitionMacros.
 
 # Offense count: 1
 # Configuration parameters: NamePrefix, ForbiddenPrefixes, AllowedMethods, MethodDefinitionMacros.

diff --git a/config/initializers/sanitize.rb b/config/initializers/sanitize.rb
index d6bd6c3ee780c517ab0325f19279f8a2b82b1b4c..a6cce19a96633437469f0345c07a350825345511 100644 (file)
--- a/config/initializers/sanitize.rb
+++ b/config/initializers/sanitize.rb
@@ -1,11 +1,16 @@
 Sanitize::Config::OSM = Sanitize::Config.merge(
   Sanitize::Config::RELAXED,
   :elements => Sanitize::Config::RELAXED[:elements] - %w[div style],
 Sanitize::Config::OSM = Sanitize::Config.merge(
   Sanitize::Config::RELAXED,
   :elements => Sanitize::Config::RELAXED[:elements] - %w[div style],

-  :add_attributes => { "a" => { "rel" => "nofollow noopener noreferrer" } },

   :remove_contents => %w[script style],
   :transformers => lambda do |env|
     env[:node].remove_class
     env[:node].kwattr_remove("style", nil)
     env[:node].add_class("table table-sm w-auto") if env[:node_name] == "table"
   :remove_contents => %w[script style],
   :transformers => lambda do |env|
     env[:node].remove_class
     env[:node].kwattr_remove("style", nil)
     env[:node].add_class("table table-sm w-auto") if env[:node_name] == "table"

+
+    if env[:node_name] == "a"
+      rel = env[:node]["rel"] || ""
+
+      env[:node]["rel"] = rel.split.select { |r| r == "me" }.append("nofollow", "noopener", "noreferrer").sort.join(" ")
+    end

   end
 )
   end
 )

diff --git a/test/lib/rich_text_test.rb b/test/lib/rich_text_test.rb
index 9d00d658d5bac697b3e4a8bce6e4bfb01fc52469..aa99e2a4dc6ff9e80de7985ec8a96897a17dd3e1 100644 (file)
--- a/test/lib/rich_text_test.rb
+++ b/test/lib/rich_text_test.rb
@@ -18,6 +18,13 @@ class RichTextTest < ActiveSupport::TestCase
       assert_select "a[rel='nofollow noopener noreferrer']", 1
     end
 
       assert_select "a[rel='nofollow noopener noreferrer']", 1
     end
 

+    r = RichText.new("html", "foo <a rel='junk me trash' href='http://example.com/'>bar</a> baz")
+    assert_html r do
+      assert_select "a", 1
+      assert_select "a[href='http://example.com/']", 1
+      assert_select "a[rel='me nofollow noopener noreferrer']", 1
+    end
+

     r = RichText.new("html", "foo example@example.com bar")
     assert_html r do
       assert_select "a", 0
     r = RichText.new("html", "foo example@example.com bar")
     assert_html r do
       assert_select "a", 0


@@ -91,6 +98,13 @@ class RichTextTest < ActiveSupport::TestCase
       assert_select "a[rel='nofollow noopener noreferrer']", 1
     end
 
       assert_select "a[rel='nofollow noopener noreferrer']", 1
     end
 

+    r = RichText.new("markdown", "foo <a rel='junk me trash' href='http://example.com/'>bar</a>) baz")
+    assert_html r do
+      assert_select "a", 1
+      assert_select "a[href='http://example.com/']", 1
+      assert_select "a[rel='me nofollow noopener noreferrer']", 1
+    end
+

     r = RichText.new("markdown", "foo example@example.com bar")
     assert_html r do
       assert_select "a", 1
     r = RichText.new("markdown", "foo example@example.com bar")
     assert_html r do
       assert_select "a", 1