Make WordPress Core


Ignore:
Timestamp:
09/30/2019 01:29:10 AM (5 years ago)
Author:
SergeyBiryukov
Message:

Comments: Add rel="nofollow ugc" attribute to links in comments.

UGC stands for User Generated Content, and the ugc attribute value is recommended for links within user generated content, such as comments and forum posts.

See https://webmasters.googleblog.com/2019/09/evolving-nofollow-new-ways-to-identify.html.

Props audrasjb, joostdevalk, dkarfa, SergeyBiryukov.
Fixes #48022.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/formatting.php

    r46232 r46349  
    30133013
    30143014/**
    3015  * Adds rel nofollow string to all HTML A elements in content.
    3016  *
    3017  * @since 1.5.0
    3018  *
    3019  * @param string $text Content that may contain HTML A elements.
    3020  * @return string Converted content.
    3021  */
    3022 function wp_rel_nofollow( $text ) {
    3023     // This is a pre save filter, so text is already escaped.
    3024     $text = stripslashes( $text );
    3025     $text = preg_replace_callback( '|<a (.+?)>|i', 'wp_rel_nofollow_callback', $text );
    3026     return wp_slash( $text );
    3027 }
    3028 
    3029 /**
    3030  * Callback to add rel=nofollow string to HTML A element.
    3031  *
    3032  * Will remove already existing rel="nofollow" and rel='nofollow' from the
    3033  * string to prevent from invalidating (X)HTML.
    3034  *
    3035  * @since 2.3.0
    3036  *
    3037  * @param array $matches Single Match
    3038  * @return string HTML A Element with rel nofollow.
    3039  */
    3040 function wp_rel_nofollow_callback( $matches ) {
     3015 * Callback to add a rel attribute to HTML A element.
     3016 *
     3017 * Will remove already existing string before adding to prevent invalidating (X)HTML.
     3018 *
     3019 * @since 5.3.0
     3020 *
     3021 * @param array  $matches Single match.
     3022 * @param string $rel     The rel attribute to add.
     3023 * @return string HTML A element with the added rel attribute.
     3024 */
     3025function wp_rel_callback( $matches, $rel ) {
    30413026    $text = $matches[1];
    30423027    $atts = wp_kses_hair( $matches[1], wp_allowed_protocols() );
    3043     $rel  = 'nofollow';
    30443028
    30453029    if ( ! empty( $atts['href'] ) ) {
     
    30523036
    30533037    if ( ! empty( $atts['rel'] ) ) {
    3054         $parts = array_map( 'trim', explode( ' ', $atts['rel']['value'] ) );
    3055         if ( false === array_search( 'nofollow', $parts ) ) {
    3056             $parts[] = 'nofollow';
    3057         }
    3058         $rel = implode( ' ', $parts );
     3038        $parts     = array_map( 'trim', explode( ' ', $atts['rel']['value'] ) );
     3039        $rel_array = array_map( 'trim', explode( ' ', $rel ) );
     3040        $parts     = array_unique( array_merge( $parts, $rel_array ) );
     3041        $rel       = implode( ' ', $parts );
    30593042        unset( $atts['rel'] );
    30603043
     
    30703053    }
    30713054    return "<a $text rel=\"" . esc_attr( $rel ) . '">';
     3055}
     3056
     3057/**
     3058 * Adds `rel="nofollow"` string to all HTML A elements in content.
     3059 *
     3060 * @since 1.5.0
     3061 *
     3062 * @param string $text Content that may contain HTML A elements.
     3063 * @return string Converted content.
     3064 */
     3065function wp_rel_nofollow( $text ) {
     3066    // This is a pre save filter, so text is already escaped.
     3067    $text = stripslashes( $text );
     3068    $rel  = 'nofollow';
     3069    $text = preg_replace_callback(
     3070        '|<a (.+?)>|i',
     3071        function( $matches ) use ( $rel ) {
     3072            return wp_rel_callback( $matches, $rel );
     3073        },
     3074        $text
     3075    );
     3076    return wp_slash( $text );
     3077}
     3078
     3079/**
     3080 * Callback to add `rel="nofollow"` string to HTML A element.
     3081 *
     3082 * @since 2.3.0
     3083 * @deprecated 5.3.0 Use wp_rel_callback()
     3084 *
     3085 * @param array $matches Single match.
     3086 * @return string HTML A Element with `rel="nofollow"`.
     3087 */
     3088function wp_rel_nofollow_callback( $matches ) {
     3089    return wp_rel_callback( $matches, 'nofollow' );
     3090}
     3091
     3092/**
     3093 * Adds `rel="nofollow ugc"` string to all HTML A elements in content.
     3094 *
     3095 * @since 5.3.0
     3096 *
     3097 * @param string $text Content that may contain HTML A elements.
     3098 * @return string Converted content.
     3099 */
     3100function wp_rel_ugc( $text ) {
     3101    // This is a pre save filter, so text is already escaped.
     3102    $text = stripslashes( $text );
     3103    $rel  = 'nofollow ugc';
     3104    $text = preg_replace_callback(
     3105        '|<a (.+?)>|i',
     3106        function( $matches ) use ( $rel ) {
     3107            return wp_rel_callback( $matches, $rel );
     3108        },
     3109        $text
     3110    );
     3111    return wp_slash( $text );
    30723112}
    30733113
Note: See TracChangeset for help on using the changeset viewer.