Make WordPress Core

Changeset 43930


Ignore:
Timestamp:
11/22/2018 12:24:01 AM (6 years ago)
Author:
peterwilsoncc
Message:

Formatting: Revert pre-save filter adding rel="noopener".

Removes filters adding rel="noopener" to links targeting _blank.

Previous implementation could introduce blank rel attributes and could corrupt JSON data when saving via the customizer.

See #43187.
Reverts [43732] and [43733] from the 5.0 branch.

Location:
branches/5.0
Files:
1 deleted
4 edited

Legend:

Unmodified
Added
Removed
  • branches/5.0/src/wp-includes/default-filters.php

    r43812 r43930  
    118118    add_filter( $filter, 'balanceTags', 50 );
    119119}
    120 
    121 // Add proper rel values for links with target.
    122 foreach ( array(
    123     'title_save_pre',
    124     'content_save_pre',
    125     'excerpt_save_pre',
    126     'content_filtered_save_pre',
    127     'pre_comment_content',
    128     'pre_term_description',
    129     'pre_link_description',
    130     'pre_link_notes',
    131     'pre_user_description',
    132 ) as $filter ) {
    133     add_filter( $filter, 'wp_targeted_link_rel' );
    134 };
    135120
    136121// Format strings for display.
  • branches/5.0/src/wp-includes/formatting.php

    r43884 r43930  
    27722772    }
    27732773    return "<a $text rel=\"$rel\">";
    2774 }
    2775 
    2776 /**
    2777  * Adds rel noreferrer and noopener to all HTML A elements that have a target.
    2778  *
    2779  * @param string $text Content that may contain HTML A elements.
    2780  * @return string Converted content.
    2781  */
    2782 function wp_targeted_link_rel( $text ) {
    2783     // Don't run (more expensive) regex if no links with targets.
    2784     if ( stripos( $text, 'target' ) !== false && stripos( $text, '<a ' ) !== false ) {
    2785         $text = preg_replace_callback( '|<a\s([^>]*target\s*=[^>]*)>|i', 'wp_targeted_link_rel_callback', $text );
    2786     }
    2787 
    2788     return $text;
    2789 }
    2790 
    2791 /**
    2792  * Callback to add rel="noreferrer noopener" string to HTML A element.
    2793  *
    2794  * Will not duplicate existing noreferrer and noopener values
    2795  * to prevent from invalidating the HTML.
    2796  *
    2797  * @param array $matches Single Match
    2798  * @return string HTML A Element with rel noreferrer noopener in addition to any existing values
    2799  */
    2800 function wp_targeted_link_rel_callback( $matches ) {
    2801     $link_html = $matches[1];
    2802     $rel_match = array();
    2803 
    2804     /**
    2805      * Filters the rel values that are added to links with `target` attribute.
    2806      *
    2807      * @since 5.0.0
    2808      *
    2809      * @param string The rel values.
    2810      * @param string $link_html The matched content of the link tag including all HTML attributes.
    2811      */
    2812     $rel = apply_filters( 'wp_targeted_link_rel', 'noopener noreferrer', $link_html );
    2813 
    2814     // Value with delimiters, spaces around are optional.
    2815     $attr_regex = '|rel\s*=\s*?(\\\\{0,1}["\'])(.*?)\\1|i';
    2816     preg_match( $attr_regex, $link_html, $rel_match );
    2817 
    2818     if ( empty( $rel_match[0] ) ) {
    2819         // No delimiters, try with a single value and spaces, because `rel =  va"lue` is totally fine...
    2820         $attr_regex = '|rel\s*=(\s*)([^\s]*)|i';
    2821         preg_match( $attr_regex, $link_html, $rel_match );
    2822     }
    2823 
    2824     if ( ! empty( $rel_match[0] ) ) {
    2825         $parts = preg_split( '|\s+|', strtolower( $rel_match[2] ) );
    2826         $parts = array_map( 'esc_attr', $parts );
    2827         $needed = explode( ' ', $rel );
    2828         $parts = array_unique( array_merge( $parts, $needed ) );
    2829         $delimiter = trim( $rel_match[1] ) ? $rel_match[1] : '"';
    2830         $rel = 'rel=' . $delimiter . trim( implode( ' ', $parts ) ) . $delimiter;
    2831         $link_html = str_replace( $rel_match[0], $rel, $link_html );
    2832     } else {
    2833         $link_html .= " rel=\"$rel\"";
    2834     }
    2835 
    2836     return "<a $link_html>";
    28372774}
    28382775
  • branches/5.0/tests/phpunit/tests/rest-api/rest-attachments-controller.php

    r43862 r43930  
    942942                    ),
    943943                    'description' => array(
    944                         'raw'      => '<a href="#" target="_blank" rel="noopener noreferrer">link</a>',
    945                         'rendered' => '<p><a href="#" target="_blank" rel="noopener noreferrer">link</a></p>',
     944                        'raw'      => '<a href="#" target="_blank">link</a>',
     945                        'rendered' => '<p><a href="#" target="_blank">link</a></p>',
    946946                    ),
    947947                    'caption' => array(
    948                         'raw'      => '<a href="#" target="_blank" rel="noopener noreferrer">link</a>',
    949                         'rendered' => '<p><a href="#" target="_blank" rel="noopener noreferrer">link</a></p>',
     948                        'raw'      => '<a href="#" target="_blank">link</a>',
     949                        'rendered' => '<p><a href="#" target="_blank">link</a></p>',
    950950                    ),
    951951                )
  • branches/5.0/tests/phpunit/tests/rest-api/rest-posts-controller.php

    r43908 r43930  
    29842984                    ),
    29852985                    'content' => array(
    2986                         'raw'      => '<a href="#" target="_blank" rel="noopener noreferrer">link</a>',
    2987                         'rendered' => '<p><a href="#" target="_blank" rel="noopener noreferrer">link</a></p>',
     2986                        'raw'      => '<a href="#" target="_blank">link</a>',
     2987                        'rendered' => '<p><a href="#" target="_blank">link</a></p>',
    29882988                    ),
    29892989                    'excerpt' => array(
    2990                         'raw'      => '<a href="#" target="_blank" rel="noopener noreferrer">link</a>',
    2991                         'rendered' => '<p><a href="#" target="_blank" rel="noopener noreferrer">link</a></p>',
     2990                        'raw'      => '<a href="#" target="_blank">link</a>',
     2991                        'rendered' => '<p><a href="#" target="_blank">link</a></p>',
    29922992                    ),
    29932993                )
Note: See TracChangeset for help on using the changeset viewer.