From 61619b719e1422a80bba29bc6106f44f80fefe6f Mon Sep 17 00:00:00 2001
From: evazion
Date: Sun, 6 Oct 2019 01:32:14 -0500
Subject: [PATCH] Add rel="noreferrer" to external links.

Tells browsers not to send the Referer header when following external links. Among other things, this bypasses Pixiv's anti-hotlinking protection when opening direct image sources from Pixiv.
---
 app/helpers/application_helper.rb | 4 ++--
 app/helpers/posts_helper.rb | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 2de4ff84f..c63b0434a 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -80,14 +80,14 @@ module ApplicationHelper
 time_tag(time.strftime("%Y-%m-%d %H:%M"), time)
 end
- def external_link_to(url, truncate: nil, strip: false, link_options: {})
+ def external_link_to(url, truncate: nil, strip: false, **link_options)
 text = url
 text = text.gsub(%r!\Ahttps?://!i, "") if strip == :scheme
 text = text.gsub(%r!\Ahttps?://(?:www\.)?!i, "") if strip == :subdomain
 text = text.truncate(truncate) if truncate
 if url =~ %r!\Ahttps?://!i
- link_to text, url, {rel: :nofollow}.merge(link_options)
+ link_to text, url, rel: "noreferrer nofollow", **link_options
 else
 url
 end
diff --git a/app/helpers/posts_helper.rb b/app/helpers/posts_helper.rb
index 6ce8c0f41..884663afc 100644
--- a/app/helpers/posts_helper.rb
+++ b/app/helpers/posts_helper.rb
@@ -61,7 +61,7 @@ module PostsHelper
 def post_source_tag(post)
 # Only allow http:// and https:// links. Disallow javascript: links.
 if post.source =~ %r!\Ahttps?://!i
- external_link_to(post.normalized_source, strip: :subdomain, truncate: 20) + " ".html_safe + link_to("»", post.source, rel: :nofollow)
+ external_link_to(post.normalized_source, strip: :subdomain, truncate: 20) + " ".html_safe + link_to("»", post.source, rel: "noreferrer nofollow")
 else
 truncate(post.source, length: 100)
 end
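Review bot: A caller-supplied `rel:` still replaces the default outright in the new `link_to text, url, rel: "noreferrer nofollow", **link_options` line, because a key in the splat wins over the earlier literal, so any caller passing its own `rel` silently drops `noreferrer` (and the `noopener` behaviour it implies for `target="_blank"` links). Merging the tokens keeps the policy fixed: `rel = ["noreferrer", "nofollow", *link_options.delete(:rel).to_s.split].uniq.join(" ")` followed by `link_to text, url, rel: rel, **link_options`. The signature change from `link_options: {}` to `**link_options` also means a caller outside this hunk that still passes `link_options: {...}` would presumably now emit a stray `link_options` HTML attribute instead of the intended options, so those call sites are worth checking. The method's closing `end` lies outside the hunk.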
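Review bot: The rel policy string `"noreferrer nofollow"` is now written out separately on this line and in `external_link_to` in application_helper.rb, so a later tightening of one copy can leave the `»` link behind with the weaker value. A shared constant used by both helpers, for example `EXTERNAL_LINK_REL = "noreferrer nofollow".freeze` (the name is only a suggestion) referenced as `link_to("»", post.source, rel: EXTERNAL_LINK_REL)`, would keep the two in step. A short comment above the line would also record the intent: `# noreferrer: do not send this page's URL to the source site`. The closing `end` of `post_source_tag` is outside the hunk.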