Ticket #43187: 43187.4.diff
File 43187.4.diff, 9.5 KB (added by , 7 years ago) |
---|
-
src/wp-includes/default-filters.php
475 475 // Shortcodes 476 476 add_filter( 'the_content', 'do_shortcode', 11 ); // AFTER wpautop() 477 477 478 // Phishing prevention, applied to existing content, and new content (using pre_kses) 479 foreach ( array( 'comment_text', 'the_title', 'the_content', 'pre_kses' ) as $filter ) { 480 add_filter( $filter, 'wp_rel_nofollow_noopener', 10 ); 481 } 482 478 483 // Media 479 484 add_action( 'wp_playlist_scripts', 'wp_playlist_scripts' ); 480 485 add_action( 'customize_controls_enqueue_scripts', 'wp_plupload_default_settings' ); -
src/wp-includes/formatting.php
2985 2985 } 2986 2986 2987 2987 /** 2988 * Adds rel nofollow and noopener to all HTML A elements that have a target. 2989 * 2990 * @param string $text Content that may contain HTML A elements. 2991 * @return string Converted content. 2992 */ 2993 function wp_rel_nofollow_noopener( $text ) { 2994 $text = preg_replace_callback( '|<a ([^>]*\s*target\s*=[^>]*)>|i', 'wp_rel_nofollow_noopener_callback', $text ); 2995 return $text; 2996 } 2997 2998 /** 2999 * Callback to add rel="nofollow noopener" string to HTML A element. 3000 * 3001 * Will remove already existing nofollow and noopener from the 3002 * string to prevent from invalidating (X)HTML. 3003 * 3004 * @param array $matches Single Match 3005 * @return string HTML A Element with rel nofollow and noopener if the target is set 3006 */ 3007 function wp_rel_nofollow_noopener_callback( $matches ) { 3008 $text = $matches[1]; 3009 $rel = 'nofollow noopener'; 3010 $rel_match = array(); 3011 3012 // value with delimiters, spaces around = optional 3013 $attr_regex = '|rel\s*=\s*?(["\'])(.*?)\\1|i'; 3014 preg_match( $attr_regex, $text, $rel_match ); 3015 3016 if ( empty( $rel_match[0] ) ) { 3017 // no delimters, try with a single value and spaces, because `rel = va"lue` is totally fine... 3018 $attr_regex = '|rel\s*=(\s*)([^\s]*)|i'; 3019 preg_match( $attr_regex, $text, $rel_match ); 3020 } 3021 3022 if ( ! empty( $rel_match[0] ) ) { 3023 $parts = preg_split( '|\s+|', strtolower( $rel_match[2] ) ); 3024 $parts = array_map( 'esc_attr', $parts ); 3025 if ( false === in_array( 'nofollow', $parts ) ) { 3026 $parts[] = 'nofollow'; 3027 } 3028 if ( false === in_array( 'noopener', $parts ) ) { 3029 $parts[] = 'noopener'; 3030 } 3031 $rel = 'rel="' . trim( implode( ' ', $parts ) ) . '"'; 3032 3033 $text = str_replace( $rel_match[0], $rel, $text ); 3034 } else { 3035 $text .= " rel=\"$rel\""; 3036 } 3037 return "<a $text>"; 3038 } 3039 3040 /** 2988 3041 * Callback to add rel=nofollow string to HTML A element. 2989 3042 * 2990 3043 * Will remove already existing rel="nofollow" and rel='nofollow' from the -
tests/phpunit/tests/formatting/WPRelNoFollowNoOpener.php
1 <?php 2 3 /** 4 * @group formatting 5 */ 6 class Tests_Rel_No_Follow_No_Opener extends WP_UnitTestCase { 7 8 public function test_add_no_follow_no_opener_to_links_with_target() { 9 $content = '<p>Links: <a href="/" target="_blank">No rel</a></p>'; 10 $expected = '<p>Links: <a href="/" target="_blank" rel="nofollow noopener">No rel</a></p>'; 11 $this->assertEquals( $expected, wp_rel_nofollow_noopener( $content ) ); 12 } 13 14 public function test_target_as_first_attribute() { 15 $content = '<p>Links: <a target="_blank" href="#">No rel</a></p>'; 16 $expected = '<p>Links: <a target="_blank" href="#" rel="nofollow noopener">No rel</a></p>'; 17 $this->assertEquals( $expected, wp_rel_nofollow_noopener( $content ) ); 18 } 19 20 public function test_add_no_follow_no_opener_to_existing_rel() { 21 $content = '<p>Links: <a href="/" rel="existing values" target="_blank">Existing rel</a></p>'; 22 $expected = '<p>Links: <a href="/" rel="existing values nofollow noopener" target="_blank">Existing rel</a></p>'; 23 $this->assertEquals( $expected, wp_rel_nofollow_noopener( $content ) ); 24 } 25 26 public function test_no_duplicate_values_added() { 27 $content = '<p>Links: <a href="/" rel="existing noopener values" target="_blank">Existing rel</a></p>'; 28 $expected = '<p>Links: <a href="/" rel="existing noopener values nofollow" target="_blank">Existing rel</a></p>'; 29 $this->assertEquals( $expected, wp_rel_nofollow_noopener( $content ) ); 30 } 31 32 public function test_rel_with_single_quote_delimiter() { 33 $content = '<p>Links: <a href="/" rel=\'existing values\' target="_blank">Existing rel</a></p>'; 34 $expected = '<p>Links: <a href="/" rel="existing values nofollow noopener" target="_blank">Existing rel</a></p>'; 35 $this->assertEquals( $expected, wp_rel_nofollow_noopener( $content ) ); 36 } 37 38 public function test_rel_with_no_delimiter() { 39 $content = '<p>Links: <a href="/" rel=existing target="_blank">Existing rel</a></p>'; 40 $expected = '<p>Links: <a href="/" rel="existing nofollow noopener" target="_blank">Existing rel</a></p>'; 41 $this->assertEquals( $expected, wp_rel_nofollow_noopener( $content ) ); 42 } 43 44 public function test_rel_value_spaced_and_no_delimiter() { 45 $content = '<p>Links: <a href="/" rel = existing target="_blank">Existing rel</a></p>'; 46 $expected = '<p>Links: <a href="/" rel="existing nofollow noopener" target="_blank">Existing rel</a></p>'; 47 $this->assertEquals( $expected, wp_rel_nofollow_noopener( $content ) ); 48 } 49 50 public function test_rel_value_spaced_and_no_delimiter_and_values_to_escape() { 51 $content = '<p>Links: <a href="/" rel = existing"value target="_blank">Existing rel</a></p>'; 52 $expected = '<p>Links: <a href="/" rel="existing"value nofollow noopener" target="_blank">Existing rel</a></p>'; 53 $this->assertEquals( $expected, wp_rel_nofollow_noopener( $content ) ); 54 } 55 56 public function test_ignore_links_with_no_target() { 57 $content = '<p>Links: <a href="/" target="_blank">Change me</a> <a href="/">Do not change me</a></p>'; 58 $expected = '<p>Links: <a href="/" target="_blank" rel="nofollow noopener">Change me</a> <a href="/">Do not change me</a></p>'; 59 $this->assertEquals( $expected, wp_rel_nofollow_noopener( $content ) ); 60 } 61 62 } -
tests/phpunit/tests/kses.php
Property changes on: tests/phpunit/tests/formatting/WPRelNoFollowNoOpener.php ___________________________________________________________________ Added: svn:executable ## -0,0 +1 ## +* \ No newline at end of property
45 45 'rel' => 'related', 46 46 'rev' => 'revision', 47 47 'name' => 'name', 48 'target' => '_blank',49 48 ); 50 49 51 50 foreach ( $attributes as $name => $value ) { … … 55 54 } 56 55 } 57 56 57 function test_wp_filter_post_kses_a_with_target() { 58 global $allowedposttags; 59 $string = '<a target="_blank">I link this</a>'; 60 $expect_string = '<a target="_blank" rel="nofollow noopener">I link this</a>'; 61 $this->assertEquals( $expect_string, wp_kses( $string, $allowedposttags ) ); 62 } 63 58 64 /** 59 65 * @ticket 20210 60 66 */ -
tests/phpunit/tests/rest-api/rest-attachments-controller.php
1011 1011 // Expected returned values. 1012 1012 array( 1013 1013 'title' => array( 1014 'raw' => '<a href="#"> link</a>',1015 'rendered' => '<a href="#"> link</a>',1014 'raw' => '<a href="#">title link</a>', 1015 'rendered' => '<a href="#">title link</a>', 1016 1016 ), 1017 1017 'description' => array( 1018 'raw' => '<a href="#" target="_blank" >link</a>',1019 'rendered' => '<p><a href="#" target="_blank" >link</a></p>',1018 'raw' => '<a href="#" target="_blank" rel="nofollow noopener">link</a>', 1019 'rendered' => '<p><a href="#" target="_blank" rel="nofollow noopener">link</a></p>', 1020 1020 ), 1021 1021 'caption' => array( 1022 'raw' => '<a href="#" target="_blank" >link</a>',1023 'rendered' => '<p><a href="#" target="_blank" >link</a></p>',1022 'raw' => '<a href="#" target="_blank" rel="nofollow noopener">link</a>', 1023 'rendered' => '<p><a href="#" target="_blank" rel="nofollow noopener">link</a></p>', 1024 1024 ), 1025 1025 ), 1026 1026 ), -
tests/phpunit/tests/rest-api/rest-posts-controller.php
3185 3185 'rendered' => '<a href="#">link</a>', 3186 3186 ), 3187 3187 'content' => array( 3188 'raw' => '<a href="#" target="_blank" >link</a>',3189 'rendered' => '<p><a href="#" target="_blank" >link</a></p>',3188 'raw' => '<a href="#" target="_blank" rel="nofollow noopener">link</a>', 3189 'rendered' => '<p><a href="#" target="_blank" rel="nofollow noopener">link</a></p>', 3190 3190 ), 3191 3191 'excerpt' => array( 3192 'raw' => '<a href="#" target="_blank" >link</a>',3193 'rendered' => '<p><a href="#" target="_blank" >link</a></p>',3192 'raw' => '<a href="#" target="_blank" rel="nofollow noopener">link</a>', 3193 'rendered' => '<p><a href="#" target="_blank" rel="nofollow noopener">link</a></p>', 3194 3194 ), 3195 3195 ), 3196 3196 ),