Mark links in notes and fetch source data box as external.

2019-10-13 18:53:46 -05:00
parent 7ebf6ed9d7
commit 07116d1445
4 changed files with 7 additions and 8 deletions
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -78,8 +78,7 @@ module ApplicationHelper
    time_tag(time.strftime("%Y-%m-%d %H:%M"), time)
  end
-  def external_link_to(url, truncate: nil, strip: false, **link_options)
+  def external_link_to(url, text = url, truncate: nil, strip: false, **link_options)
    text = url
    text = text.gsub(%r!\Ahttps?://!i, "") if strip == :scheme
    text = text.gsub(%r!\Ahttps?://(?:www\.)?!i, "") if strip == :subdomain
    text = text.truncate(truncate) if truncate
--- a/app/logical/note_sanitizer.rb
+++ b/app/logical/note_sanitizer.rb
@@ -61,7 +61,7 @@ module NoteSanitizer
      :elements => ALLOWED_ELEMENTS,
      :attributes => ALLOWED_ATTRIBUTES,
      :add_attributes => {
-        "a" => { "rel" => "nofollow" },
+        "a" => { "rel" => "external noreferrer nofollow" },
      },
      :protocols => {
        "a" => {
--- a/app/views/sources/_info.html.erb
+++ b/app/views/sources/_info.html.erb
@@ -12,7 +12,7 @@
          <% if @source.artist_name.blank? %>
            <em>None</em>
          <% else %>
-            <%= link_to @source.artist_name, @source.profile_url, id: "source-info-artist-profile" %>
+            <%= external_link_to @source.profile_url, @source.artist_name, id: "source-info-artist-profile" %>
            <% if @source.artists.empty? %>
              (<%= link_to "Create new artist", new_artist_path(artist: { source: @source.canonical_url }), id: "source-info-create-new-artist" %>)
@@ -35,7 +35,7 @@
          <% else %>
            <ul>
              <% @source.tags.each do |tag, href| %>
-                <li><%= link_to tag, href, rel: :nofollow %></li>
+                <li><%= external_link_to href, tag %></li>
              <% end %>
            </ul>
--- a/test/unit/note_sanitizer_test.rb
+++ b/test/unit/note_sanitizer_test.rb
@@ -19,19 +19,19 @@ class NoteSanitizerTest < ActiveSupport::TestCase
    should "mark links as nofollow" do
      body = '<a href="http://www.google.com">google</a>'
-      assert_equal('<a href="http://www.google.com" rel="nofollow">google</a>', NoteSanitizer.sanitize(body))
+      assert_equal('<a href="http://www.google.com" rel="external noreferrer nofollow">google</a>', NoteSanitizer.sanitize(body))
    end
    should "rewrite absolute links to relative links" do
      Danbooru.config.stubs(:hostnames).returns(%w[danbooru.donmai.us sonohara.donmai.us hijiribe.donmai.us])
      body = '<a href="http://sonohara.donmai.us/posts?tags=touhou#dtext-intro">touhou</a>'
-      assert_equal('<a href="/posts?tags=touhou#dtext-intro" rel="nofollow">touhou</a>', NoteSanitizer.sanitize(body))
+      assert_equal('<a href="/posts?tags=touhou#dtext-intro" rel="external noreferrer nofollow">touhou</a>', NoteSanitizer.sanitize(body))
    end
    should "not fail when rewriting bad links" do
      body = %{<a href ="\nhttp!://www.google.com:12x3">google</a>}
-      assert_equal(%{<a rel="nofollow">google</a>}, NoteSanitizer.sanitize(body))
+      assert_equal(%{<a rel="external noreferrer nofollow">google</a>}, NoteSanitizer.sanitize(body))
    end
  end
 end