diff options
author | Robert Speicher <robert@gitlab.com> | 2016-04-21 20:49:41 +0000 |
---|---|---|
committer | Yorick Peterse <yorick@gitlab.com> | 2016-04-25 21:49:24 +0000 |
commit | 9cc7e37ebef6ff0abc3cca20138724b6ec552b04 (patch) | |
tree | 84d8ae13243efdc7b85da8550048157d56d1c629 | |
parent | 320e0b7fa77d145e669af89640cf349dfdd9986c (diff) | |
download | gitlab-ce-9cc7e37ebef6ff0abc3cca20138724b6ec552b04.tar.gz |
Merge branch 'dev_issue_15331' into 'master'
Fixes window.opener bug
Adds `noreferrer` value to rel attribute for external links
REF: https://gitlab.com/gitlab-org/gitlab-ce/issues/15331
See merge request !1953
-rw-r--r-- | lib/banzai/filter/external_link_filter.rb | 5 | ||||
-rw-r--r-- | spec/features/markdown_spec.rb | 7 | ||||
-rw-r--r-- | spec/lib/banzai/filter/external_link_filter_spec.rb | 10 |
3 files changed, 17 insertions, 5 deletions
diff --git a/lib/banzai/filter/external_link_filter.rb b/lib/banzai/filter/external_link_filter.rb index d179bea181e..38c4219518e 100644 --- a/lib/banzai/filter/external_link_filter.rb +++ b/lib/banzai/filter/external_link_filter.rb @@ -1,7 +1,6 @@ module Banzai module Filter - # HTML Filter to add a `rel="nofollow"` attribute to external links - # + # HTML Filter to modify the attributes of external links class ExternalLinkFilter < HTML::Pipeline::Filter def call doc.search('a').each do |node| @@ -15,7 +14,7 @@ module Banzai # Skip internal links next if link.start_with?(internal_url) - node.set_attribute('rel', 'nofollow') + node.set_attribute('rel', 'nofollow noreferrer') end doc diff --git a/spec/features/markdown_spec.rb b/spec/features/markdown_spec.rb index 3d0d0e59fd7..0148c87084a 100644 --- a/spec/features/markdown_spec.rb +++ b/spec/features/markdown_spec.rb @@ -165,7 +165,12 @@ describe 'GitLab Markdown', feature: true do describe 'ExternalLinkFilter' do it 'adds nofollow to external link' do link = doc.at_css('a:contains("Google")') - expect(link.attr('rel')).to match 'nofollow' + expect(link.attr('rel')).to include('nofollow') + end + + it 'adds noreferrer to external link' do + link = doc.at_css('a:contains("Google")') + expect(link.attr('rel')).to include('noreferrer') end it 'ignores internal link' do diff --git a/spec/lib/banzai/filter/external_link_filter_spec.rb b/spec/lib/banzai/filter/external_link_filter_spec.rb index e3a8e15330e..f4c5c621bd0 100644 --- a/spec/lib/banzai/filter/external_link_filter_spec.rb +++ b/spec/lib/banzai/filter/external_link_filter_spec.rb @@ -24,6 +24,14 @@ describe Banzai::Filter::ExternalLinkFilter, lib: true do doc = filter(act) expect(doc.at_css('a')).to have_attribute('rel') - expect(doc.at_css('a')['rel']).to eq 'nofollow' + expect(doc.at_css('a')['rel']).to include 'nofollow' + end + + it 'adds rel="noreferrer" to external links' do + act = %q(<a href="https://google.com/">Google</a>) + doc = filter(act) + + expect(doc.at_css('a')).to have_attribute('rel') + expect(doc.at_css('a')['rel']).to include 'noreferrer' end end |