
Changeset 45143


Timestamp:
04/08/2019 11:17:35 PM (5 years ago)
Author:
pento
Message:

Widgets: Add rel="noopener noreferrer" to links with target="_blank" in the Text and HTML widgets.

Props audrasjb, birgire, mukesh27.
Fixes #46421.

Location:
trunk
Files:
4 edited

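--- a/trunk/src/wp-includes/widgets/class-wp-widget-custom-html.php
+++ b/trunk/src/wp-includes/widgets/class-wp-widget-custom-html.php
@@ -143,4 +143,7 @@
         /** This filter is documented in wp-includes/widgets/class-wp-widget-text.php */
         $content = apply_filters( 'widget_text', $instance['content'], $simulated_text_widget_instance, $this );
+
+        // Adds noreferrer and noopener relationships, without duplicating values, to all HTML A elements that have a target.
+        $content = wp_targeted_link_rel( $content );
 
         /**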
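Review bot: In the Custom HTML widget the `wp_targeted_link_rel()` call runs on the `widget_text`-filtered content, but the docblock that opens right after it (cut off by the hunk) appears to introduce a further content filter, so `target` links added by a callback there would be emitted without `noopener noreferrer`; in class-wp-widget-text.php the same call is the last step before output. If that ordering is deliberate, say so in the comment, e.g. `// Runs before the widget_custom_html_content filter so callbacks can still adjust rel values.`; otherwise move the call below that filter. Separately, the helper rewrites markup at the string level and this widget accepts arbitrary HTML, so it is worth confirming that anchor-like text inside `<script>` or `<style>` blocks is left untouched. The enclosing method starts and ends outside the hunk.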
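--- a/trunk/src/wp-includes/widgets/class-wp-widget-text.php
+++ b/trunk/src/wp-includes/widgets/class-wp-widget-text.php
@@ -328,4 +328,7 @@
 
         $text = preg_replace_callback( '#<(video|iframe|object|embed)\s[^>]*>#i', array( $this, 'inject_video_max_width_style' ), $text );
+
+        // Adds noreferrer and noopener relationships, without duplicating values, to all HTML A elements that have a target.
+        $text = wp_targeted_link_rel( $text );
 
         ?>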
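--- a/trunk/tests/phpunit/tests/widgets/custom-html-widget.php
+++ b/trunk/tests/phpunit/tests/widgets/custom-html-widget.php
@@ -303,3 +303,56 @@
         $this->assertContains( 'Use the Custom HTML widget to add arbitrary HTML code to your widget areas.', $help_tab['content'] );
     }
+
+    /**
+     * Ensure that rel="noopener noreferrer" is added to links with a target.
+     *
+     * @ticket 46421
+     */
+    function test_render_links_with_target() {
+        $widget = new WP_Widget_Custom_HTML();
+
+        $content = 'Test content with an external <a href="https://example.org" target="_blank">link</a>.';
+
+        $args = array(
+            'before_title'  => '<h2>',
+            'after_title'   => '</h2>',
+            'before_widget' => '',
+            'after_widget'  => '',
+        );
+
+        $instance = array(
+            'title'   => 'Foo',
+            'content' => $content,
+        );
+
+        $output = get_echo( array( $widget, 'widget' ), array( $args, $instance ) );
+        $this->assertContains( 'rel="noopener noreferrer"', $output );
+    }
+
+    /**
+     * Ensure that rel="noopener noreferrer" is not added to links without a target.
+     *
+     * @ticket 46421
+     */
+    function test_render_links_without_target() {
+        $widget = new WP_Widget_Custom_HTML();
+
+        $content = 'Test content with an internal <a href="/">link</a>.';
+
+        $args = array(
+            'before_title'  => '<h2>',
+            'after_title'   => '</h2>',
+            'before_widget' => '',
+            'after_widget'  => '',
+        );
+
+        $instance = array(
+            'title'   => 'Foo',
+            'content' => $content,
+        );
+
+        $output = get_echo( array( $widget, 'widget' ), array( $args, $instance ) );
+        $this->assertNotContains( 'rel="noopener noreferrer"', $output );
+    }
+
 }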
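Review bot: Both new tests in custom-html-widget.php only look for the exact substring `rel="noopener noreferrer"` on a link that has no `rel` at all, so the "without duplicating values" behaviour promised by the source comment is never exercised; a link that already carries `rel="noopener"` or `rel="nofollow"` should be covered as well. The same gap applies to the two tests added in tests/phpunit/tests/widgets/text-widget.php. The new methods also omit an explicit `public` visibility. A sketch of the missing case follows; the counts assume the widget wrapper markup does not itself contain those tokens.

```php
function test_render_links_with_existing_rel() {
    $widget = new WP_Widget_Custom_HTML();

    $content = 'Link with a rel already set: <a href="https://example.org" target="_blank" rel="noopener">link</a>.';

    // … unchanged: $args and $instance built as in test_render_links_with_target() …

    $output = get_echo( array( $widget, 'widget' ), array( $args, $instance ) );
    $this->assertSame( 1, substr_count( $output, 'noopener' ) );
    $this->assertSame( 1, substr_count( $output, 'noreferrer' ) );
}
```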
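--- a/trunk/tests/phpunit/tests/widgets/text-widget.php
+++ b/trunk/tests/phpunit/tests/widgets/text-widget.php
@@ -1002,3 +1002,57 @@
         $this->assertContains( '<script type="text/html" id="tmpl-widget-text-control-fields">', $output );
     }
+
+    /**
+     * Ensure that rel="noopener noreferrer" is added to links with a target.
+     *
+     * @ticket 46421
+     */
+    function test_render_links_with_target() {
+        $widget = new WP_Widget_Text();
+
+        $text = 'Test content with an external <a href="https://example.org" target="_blank">link</a>.';
+
+        $args = array(
+            'before_title'  => '<h2>',
+            'after_title'   => '</h2>',
+            'before_widget' => '',
+            'after_widget'  => '',
+        );
+
+        $instance = array(
+            'title' => 'Foo',
+            'text'  => $text,
+        );
+
+        $output = get_echo( array( $widget, 'widget' ), array( $args, $instance ) );
+
+        $this->assertContains( 'rel="noopener noreferrer"', $output );
+    }
+
+    /**
+     * Ensure that rel="noopener noreferrer" is not added to links without a target.
+     *
+     * @ticket 46421
+     */
+    function test_render_links_without_target() {
+        $widget = new WP_Widget_Text();
+
+        $text = 'Test content with an internal <a href="/">link</a>.';
+
+        $args = array(
+            'before_title'  => '<h2>',
+            'after_title'   => '</h2>',
+            'before_widget' => '',
+            'after_widget'  => '',
+        );
+
+        $instance = array(
+            'title' => 'Foo',
+            'text'  => $text,
+        );
+
+        $output = get_echo( array( $widget, 'widget' ), array( $args, $instance ) );
+
+        $this->assertNotContains( 'rel="noopener noreferrer"', $output );
+    }
 }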