jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add rel="noreferrer" to external links.

Browse Source 
Tells browsers not to send the Referer header when following external
links. Among other things, this bypasses Pixiv's anti-hotlinking
protection when opening direct image sources from Pixiv.
This commit is contained in:
evazion
2019-10-06 01:32:14 -05:00
parent ce33cd8b02
commit 61619b719e
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/helpers/application_helper.rb
View File

@@ -80,14 +80,14 @@ module ApplicationHelper
time_tag(time.strftime("%Y-%m-%d %H:%M"), time)
end
def external_link_to(url, truncate: nil, strip: false, link_options: {})
def external_link_to(url, truncate: nil, strip: false, **link_options)
text = url
text = text.gsub(%r!\Ahttps?://!i, "") if strip == :scheme
text = text.gsub(%r!\Ahttps?://(?:www\.)?!i, "") if strip == :subdomain
text = text.truncate(truncate) if truncate
if url =~ %r!\Ahttps?://!i
link_to text, url, {rel: :nofollow}.merge(link_options)
link_to text, url, rel: "noreferrer nofollow", **link_options
else
url
end

2
app/helpers/posts_helper.rb
View File

@@ -61,7 +61,7 @@ module PostsHelper
def post_source_tag(post)
# Only allow http:// and https:// links. Disallow javascript: links.
if post.source =~ %r!\Ahttps?://!i
external_link_to(post.normalized_source, strip: :subdomain, truncate: 20) + " ".html_safe + link_to("»", post.source, rel: :nofollow)
external_link_to(post.normalized_source, strip: :subdomain, truncate: 20) + " ".html_safe + link_to("»", post.source, rel: "noreferrer nofollow")
else
truncate(post.source, length: 100)
end