Commit 2ca0e9d6 authored by Robert Speicher's avatar Robert Speicher Committed by Robert Speicher

Merge branch 'dev_issue_15331' into 'master'

Fixes window.opener bug

Adds `noreferrer` value to rel attribute for external links

REF: https://gitlab.com/gitlab-org/gitlab-ce/issues/15331

See merge request !1953
parent a987a19c
...@@ -3,8 +3,7 @@ require 'html/pipeline/filter' ...@@ -3,8 +3,7 @@ require 'html/pipeline/filter'
module Gitlab module Gitlab
module Markdown module Markdown
# HTML Filter to add a `rel="nofollow"` attribute to external links # HTML Filter to modify the attributes of external links
#
class ExternalLinkFilter < HTML::Pipeline::Filter class ExternalLinkFilter < HTML::Pipeline::Filter
def call def call
doc.search('a').each do |node| doc.search('a').each do |node|
...@@ -18,7 +17,7 @@ module Gitlab ...@@ -18,7 +17,7 @@ module Gitlab
# Skip internal links # Skip internal links
next if link.start_with?(internal_url) next if link.start_with?(internal_url)
node.set_attribute('rel', 'nofollow') node.set_attribute('rel', 'nofollow noreferrer')
end end
doc doc
......
...@@ -165,7 +165,12 @@ describe 'GitLab Markdown', feature: true do ...@@ -165,7 +165,12 @@ describe 'GitLab Markdown', feature: true do
describe 'ExternalLinkFilter' do describe 'ExternalLinkFilter' do
it 'adds nofollow to external link' do it 'adds nofollow to external link' do
link = doc.at_css('a:contains("Google")') link = doc.at_css('a:contains("Google")')
expect(link.attr('rel')).to match 'nofollow' expect(link.attr('rel')).to include('nofollow')
end
it 'adds noreferrer to external link' do
link = doc.at_css('a:contains("Google")')
expect(link.attr('rel')).to include('noreferrer')
end end
it 'ignores internal link' do it 'ignores internal link' do
......
...@@ -25,7 +25,15 @@ module Gitlab::Markdown ...@@ -25,7 +25,15 @@ module Gitlab::Markdown
doc = filter(act) doc = filter(act)
expect(doc.at_css('a')).to have_attribute('rel') expect(doc.at_css('a')).to have_attribute('rel')
expect(doc.at_css('a')['rel']).to eq 'nofollow' expect(doc.at_css('a')['rel']).to include 'nofollow'
end
it 'adds rel="noreferrer" to external links' do
act = %q(<a href="https://google.com/">Google</a>)
doc = filter(act)
expect(doc.at_css('a')).to have_attribute('rel')
expect(doc.at_css('a')['rel']).to include 'noreferrer'
end end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment