Make WordPress Core

Opened 6 months ago

Last modified 6 months ago

#53290 new defect (bug)

Prevent tagging certain links in comments with rel="nofollow ugc"

Reported by: galbaras Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 5.7.2
Component: Comments Keywords:
Focuses: Cc:


Assuming that user generated content links should not be followed is generally reasonable. However, there are some exceptions, some of which can be overcome by filters, and some, for which there are none.

  1. The function get_comment_author_link() shouldn't modify the author link indiscriminately. Although its output can be filtered, it would be better to prevent link tagging for specific authors. This can be achieved by adding the following code on line 223 of wp-includes/comment-template.php:
if ( empty( $url ) || 'http://' === $url || in_array( get_comment_author( $comment_ID ), apply_filters( 'comment_authors_link_allowed', [] ) ) {
    return = $author;
  1. The function wp_rel_ugc() shouldn't modify the author link indiscriminately either. It should get the comment ID and use the comment_link_allowed_authors filter as well to prevent some authors' links from being modified. The top of the function then becomes:
function wp_rel_ugc( $text, $comment_ID ) {
        if ( in_array( get_comment_author( $comment_ID ), apply_filters( 'comment_authors_link_allowed', [] ) ) {
                return $text;
  1. The function wp_rel_callback() should accept a list of allowed domains, which should include the local domain by default. Line 3075 of wp-includes/formatting.php should become:
if ( ! empty( $atts['href'] ) && ! in_array( $atts['href'], apply_filters( 'comment_link_allowed_domains', [ get_option( 'home' ) ) ) ) {

These changes will provide flexibility that's currently missing in the comment link tagging functionality.

Change History (1)

#1 @dankop
6 months ago

Just leaving a comment to support these changes. Internal links shouldn't be nofollow, even if left by a user.

Think of it as me as the author replying to a user in the comments, and pointing them towards a different page on the website. This is an internal link, posted by the author - shouldn't be "nofollow ugs"

Second scenario - a user replies to another user with a link that leads to a different page on the website. Even though this is user generated content, it's still an internal link and shouldn't be nofollow.

Note: See TracTickets for help on using tickets.