WordPress.org

Make WordPress Core


Ignore:
Timestamp:
04/08/2019 11:17:35 PM (3 years ago)
Author:
pento
Message:

Widgets: Add rel="noopener noreferrer" to links with target="_blank" in the Text and HTML widgets.

Props audrasjb, birgire, mukesh27.
Fixes #46421.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/widgets/custom-html-widget.php

    r43571 r45143  
    303303        $this->assertContains( 'Use the Custom HTML widget to add arbitrary HTML code to your widget areas.', $help_tab['content'] );
    304304    }
     305
     306    /**
     307     * Ensure that rel="noopener noreferrer" is added to links with a target.
     308     *
     309     * @ticket 46421
     310     */
     311    function test_render_links_with_target() {
     312        $widget = new WP_Widget_Custom_HTML();
     313
     314        $content = 'Test content with an external <a href="https://example.org" target="_blank">link</a>.';
     315
     316        $args = array(
     317            'before_title'  => '<h2>',
     318            'after_title'   => '</h2>',
     319            'before_widget' => '',
     320            'after_widget'  => '',
     321        );
     322
     323        $instance = array(
     324            'title'   => 'Foo',
     325            'content' => $content,
     326        );
     327
     328        $output = get_echo( array( $widget, 'widget' ), array( $args, $instance ) );
     329        $this->assertContains( 'rel="noopener noreferrer"', $output );
     330    }
     331
     332    /**
     333     * Ensure that rel="noopener noreferrer" is not added to links without a target.
     334     *
     335     * @ticket 46421
     336     */
     337    function test_render_links_without_target() {
     338        $widget = new WP_Widget_Custom_HTML();
     339
     340        $content = 'Test content with an internal <a href="/">link</a>.';
     341
     342        $args = array(
     343            'before_title'  => '<h2>',
     344            'after_title'   => '</h2>',
     345            'before_widget' => '',
     346            'after_widget'  => '',
     347        );
     348
     349        $instance = array(
     350            'title'   => 'Foo',
     351            'content' => $content,
     352        );
     353
     354        $output = get_echo( array( $widget, 'widget' ), array( $args, $instance ) );
     355        $this->assertNotContains( 'rel="noopener noreferrer"', $output );
     356    }
     357
    305358}
Note: See TracChangeset for help on using the changeset viewer.