From: Tom Hughes
Date: Thu, 29 Dec 2022 17:58:22 +0000 (+0000)
Subject: Preserve rel=me on links in rich text
X-Git-Tag: live~1436
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/6033359bd07e3da09efd2ffe7a2558dbcffbc1c2?ds=sidebyside
Preserve rel=me on links in rich text
Fixes #3859
---
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index bb0d7750a..62b5c6567 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -89,7 +89,7 @@ Minitest/EmptyLineBeforeAssertionMethods:
 # Offense count: 560
 Minitest/MultipleAssertions:
- Max: 52
+ Max: 54
 # Offense count: 1
 # Configuration parameters: NamePrefix, ForbiddenPrefixes, AllowedMethods, MethodDefinitionMacros.
diff --git a/config/initializers/sanitize.rb b/config/initializers/sanitize.rb
index d6bd6c3ee..a6cce19a9 100644
--- a/config/initializers/sanitize.rb
+++ b/config/initializers/sanitize.rb
@@ -1,11 +1,16 @@
 Sanitize::Config::OSM = Sanitize::Config.merge(
 Sanitize::Config::RELAXED,
 :elements => Sanitize::Config::RELAXED[:elements] - %w[div style],
- :add_attributes => { "a" => { "rel" => "nofollow noopener noreferrer" } },
 :remove_contents => %w[script style],
 :transformers => lambda do |env|
 env[:node].remove_class
 env[:node].kwattr_remove("style", nil)
 env[:node].add_class("table table-sm w-auto") if env[:node_name] == "table"
+
+ if env[:node_name] == "a"
+ rel = env[:node]["rel"] || ""
+
+ env[:node]["rel"] = rel.split.select { |r| r == "me" }.append("nofollow", "noopener", "noreferrer").sort.join(" ")
+ end
 end
 )
diff --git a/test/lib/rich_text_test.rb b/test/lib/rich_text_test.rb
index 9d00d658d..aa99e2a4d 100644
--- a/test/lib/rich_text_test.rb
+++ b/test/lib/rich_text_test.rb
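Review bot: In the new `if env[:node_name] == "a"` branch of config/initializers/sanitize.rb, `me` is kept for every link sanitised with `Sanitize::Config::OSM`, regardless of who owns the page the text is shown on. If this config also renders text that one user places on another user's page (not visible from this diff), that author could attach a `rel=me` identity claim to someone else's page, so it is worth confirming that `me` is only honoured for owner-authored text. The comparison `r == "me"` is case-sensitive and keeps repeated tokens, whereas HTML link types are ASCII case-insensitive; `rel.split.map(&:downcase).select { |r| r == "me" }.uniq` ahead of the `.append(...)` would normalise both. A comment above the branch such as `# rel is rebuilt from an allowlist: only "me" is kept from user input; nofollow/noopener/noreferrer are always forced` would record that the guarantee formerly given by `:add_attributes` now lives in this transformer.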
@@ -18,6 +18,13 @@ class RichTextTest < ActiveSupport::TestCase
 assert_select "a[rel='nofollow noopener noreferrer']", 1
 end
+ r = RichText.new("html", "foo bar baz")
+ assert_html r do
+ assert_select "a", 1
+ assert_select "a[href='http://example.com/']", 1
+ assert_select "a[rel='me nofollow noopener noreferrer']", 1
+ end
+
 r = RichText.new("html", "foo example@example.com bar")
 assert_html r do
 assert_select "a", 0
@@ -91,6 +98,13 @@ class RichTextTest < ActiveSupport::TestCase
 assert_select "a[rel='nofollow noopener noreferrer']", 1
 end
+ r = RichText.new("markdown", "foo bar) baz")
+ assert_html r do
+ assert_select "a", 1
+ assert_select "a[href='http://example.com/']", 1
+ assert_select "a[rel='me nofollow noopener noreferrer']", 1
+ end
+
 r = RichText.new("markdown", "foo example@example.com bar")
 assert_html r do
 assert_select "a", 1
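Review bot: The added html case at -18 and the added markdown case at -91 both pin only the happy path, a link that ends up with `me nofollow noopener noreferrer`; nothing visible asserts that a token which would weaken link isolation is dropped when it arrives alongside `me`. The fixture markup is not readable in this rendering, so the input may already carry extra tokens, but an explicit negative assertion such as `assert_select "a[rel~='opener']", 0` on a fixture whose rel is `opener me` would lock in the allowlist behaviour. The enclosing test methods start and end outside both hunks.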