Opened 5 years ago
Last modified 5 years ago
#48261 new defect (bug)
"noopener noreferrer" mis-parses links with "rel=" parameters
Reported by: | mvandemar | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 5.2.3 |
Component: | Formatting | Keywords: | has-patch has-unit-tests |
Focuses: | Cc: |
Description (last modified by )
If a link contains a url parameter named "rel" and the rel="noopener noreferrer" attribute is triggered (ie. the link has the target="_blank" attribute as well) then it botches the parsing, and you wind up with a link that looks like:
<a href="https://www.somesite.com/index.php?v=yes&rel=0" noopener noreferrer" target="_blank">Anchor Text</a>
Attachments (6)
Change History (13)
#1
@
5 years ago
- Component changed from General to Formatting
- Focuses ui removed
- Keywords needs-patch needs-unit-tests added
#3
@
5 years ago
I just confirmed it is still happening on a vanilla installation of WordPress. Enter this link in html mode, exactly as shown, then hit Publish (or update), then view source on the post/page:
<a href="https://www.somesite.com/index.php?v=yes&rel=0" target="_blank">Anchor Text</a>
#4
@
5 years ago
- Description modified (diff)
- Keywords has-patch has-unit-tests added; needs-patch needs-unit-tests removed
Thanks @mvandemar for the report and screenshots.
48261.diff is a first iteration, just to help the discussion further.
This patch adds the extra condition preg_match( '#(?:^\s*|\s+)rel\s*=#', $link_html )
if the attributes-regex are matched. Here (?:)
is a non-capturing group and we check if rel is the first attribute (that can be without white space from left in $link_html
) or the second (or later) attribute (that need a white space from left in $link_html
). I first tried to modify the existing attributes-regex with this approach but it ended up with more changes, so I currently prefer this approach.
ps: we could simplify to preg_match( '#(^\s*|\s+)rel\s*=#', $link_html )
as the first version was when I tested it within the attributes-regex, with existing capturing groups.
#5
@
5 years ago
Confirming that this patch appears to fix the issue on 5.2.3. I also tested the case where there is an existing rel that is not "noopener noreferrer" and it inserts the additional parameters correctly, eg:
<a href="https://www.somesite.com/index.php?v=yes&rel=0" rel="randomrel" target="_blank">Anchor Text</a>
correctly becomes:
<a href="https://www.somesite.com/index.php?v=yes&rel=0" rel="randomrel noopener noreferrer" target="_blank">Anchor Text</a>
#6
@
5 years ago
Thanks for testing @mvandemar
48261-2.diff is a slight simplification as mentioned earlier.
#7
@
5 years ago
48261-3.diff adds the case-insensitive, as used with regex for the attributes.
Hi @mvandemar
Thanks for the report, I can't reproduce this issue, but all works fine from my side.