From 91ed7931202e085e2dc77e725ea853d60a8c22c9 Mon Sep 17 00:00:00 2001
From: evazion <noizave@gmail.com>
Date: Thu, 15 Jun 2017 20:37:32 -0500
Subject: [PATCH] notes: mark links as nofollow.

---
 app/logical/note_sanitizer.rb    | 3 +++
 test/unit/note_sanitizer_test.rb | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/app/logical/note_sanitizer.rb b/app/logical/note_sanitizer.rb
index e786dc1f2..27ca58345 100644
--- a/app/logical/note_sanitizer.rb
+++ b/app/logical/note_sanitizer.rb
@@ -59,6 +59,9 @@ module NoteSanitizer
       text,
       :elements => ALLOWED_ELEMENTS,
       :attributes => ALLOWED_ATTRIBUTES,
+      :add_attributes => {
+        "a" => { "rel" => "nofollow" },
+      },
       :protocols => {
         "a" => {
           "href" => ["http", "https", :relative]
diff --git a/test/unit/note_sanitizer_test.rb b/test/unit/note_sanitizer_test.rb
index 3394219ea..e87ed67d7 100644
--- a/test/unit/note_sanitizer_test.rb
+++ b/test/unit/note_sanitizer_test.rb
@@ -16,5 +16,10 @@ class NoteSanitizerTest < ActiveSupport::TestCase
       body = '<p style="font-size: 1em;">test</p>'
       assert_equal('<p style="font-size: 1em;">test</p>', NoteSanitizer.sanitize(body))
     end
+
+    should "mark links as nofollow" do
+      body = '<a href="http://www.google.com">google</a>'
+      assert_equal('<a href="http://www.google.com" rel="nofollow">google</a>', NoteSanitizer.sanitize(body))
+    end
   end
 end