diff options
| author | kaniini <ariadne@dereferenced.org> | 2019-09-23 22:41:31 +0000 |
|---|---|---|
| committer | kaniini <ariadne@dereferenced.org> | 2019-09-23 22:41:31 +0000 |
| commit | 19263f30c3819f922586b537467e888574c334d7 (patch) | |
| tree | e9c7a490b7ed245cf854c072aae932eb54fd38e8 | |
| parent | 760df67a7b767d113a0ff2b351f872caf8751832 (diff) | |
| parent | ae1d371428e16b738b8ec638e411e5e8c1ac4937 (diff) | |
| download | pleroma-19263f30c3819f922586b537467e888574c334d7.tar.gz | |
Merge branch 'support-rel-ugc' into 'develop'
Add support for `rel="ugc"`
Closes #1255
See merge request pleroma/pleroma!1679
| -rw-r--r-- | CHANGELOG.md | 1 | ||||
| -rw-r--r-- | config/config.exs | 2 | ||||
| -rw-r--r-- | config/description.exs | 2 | ||||
| -rw-r--r-- | docs/config.md | 2 | ||||
| -rw-r--r-- | lib/pleroma/formatter.ex | 6 | ||||
| -rw-r--r-- | lib/pleroma/html.ex | 6 | ||||
| -rw-r--r-- | test/formatter_test.exs | 54 | ||||
| -rw-r--r-- | test/user_test.exs | 4 | ||||
| -rw-r--r-- | test/web/common_api/common_api_utils_test.exs | 6 | ||||
| -rw-r--r-- | test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs | 9 | ||||
| -rw-r--r-- | test/web/mastodon_api/mastodon_api_controller_test.exs | 8 | ||||
| -rw-r--r-- | test/web/twitter_api/twitter_api_test.exs | 4 |
12 files changed, 58 insertions, 46 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 93b7e2a10..9aabe20d3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -41,6 +41,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - AdminAPI: Add "godmode" while fetching user statuses (i.e. admin can see private statuses) - Improve digest email template – Pagination: (optional) return `total` alongside with `items` when paginating +- Add `rel="ugc"` to all links in statuses, to prevent SEO spam ### Fixed - Following from Osada diff --git a/config/config.exs b/config/config.exs index 1988753d6..403ade60d 100644 --- a/config/config.exs +++ b/config/config.exs @@ -509,7 +509,7 @@ config :auto_linker, class: false, strip_prefix: false, new_window: false, - rel: false + rel: "ugc" ] config :pleroma, :ldap, diff --git a/config/description.exs b/config/description.exs index d95250017..38b30bbf6 100644 --- a/config/description.exs +++ b/config/description.exs @@ -1906,7 +1906,7 @@ config :pleroma, :config_description, [ key: :rel, type: [:string, false], description: "override the rel attribute. false to clear", - suggestions: ["noopener noreferrer", false] + suggestions: ["ugc", "noopener noreferrer", false] }, %{ key: :new_window, diff --git a/docs/config.md b/docs/config.md index 34e9c19ec..ed119fd32 100644 --- a/docs/config.md +++ b/docs/config.md @@ -522,7 +522,7 @@ config :auto_linker, class: false, strip_prefix: false, new_window: false, - rel: false + rel: "ugc" ] ``` diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index 607843a5b..23a5ac8fe 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -36,9 +36,9 @@ defmodule Pleroma.Formatter do nickname_text = get_nickname_text(nickname, opts) link = - "<span class='h-card'><a data-user='#{id}' class='u-url mention' href='#{ap_id}'>@<span>#{ + ~s(<span class="h-card"><a data-user="#{id}" class="u-url mention" href="#{ap_id}" rel="ugc">@<span>#{ nickname_text - }</span></a></span>" + }</span></a></span>) {link, %{acc | mentions: MapSet.put(acc.mentions, {"@" <> nickname, user})}} @@ -50,7 +50,7 @@ defmodule Pleroma.Formatter do def hashtag_handler("#" <> tag = tag_text, _buffer, _opts, acc) do tag = String.downcase(tag) url = "#{Pleroma.Web.base_url()}/tag/#{tag}" - link = "<a class='hashtag' data-tag='#{tag}' href='#{url}' rel='tag'>#{tag_text}</a>" + link = ~s(<a class="hashtag" data-tag="#{tag}" href="#{url}" rel="tag ugc">#{tag_text}</a>) {link, %{acc | tags: MapSet.put(acc.tags, {tag_text, tag})}} end diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 3951f0f51..937bafed5 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -184,7 +184,8 @@ defmodule Pleroma.HTML.Scrubber.Default do "tag", "nofollow", "noopener", - "noreferrer" + "noreferrer", + "ugc" ]) Meta.allow_tag_with_these_attributes("a", ["name", "title"]) @@ -304,7 +305,8 @@ defmodule Pleroma.HTML.Scrubber.LinksOnly do "nofollow", "noopener", "noreferrer", - "me" + "me", + "ugc" ]) Meta.allow_tag_with_these_attributes("a", ["name", "title"]) diff --git a/test/formatter_test.exs b/test/formatter_test.exs index c443dfe7c..2e4280fc2 100644 --- a/test/formatter_test.exs +++ b/test/formatter_test.exs @@ -19,7 +19,7 @@ defmodule Pleroma.FormatterTest do text = "I love #cofe and #2hu" expected_text = - "I love <a class='hashtag' data-tag='cofe' href='http://localhost:4001/tag/cofe' rel='tag'>#cofe</a> and <a class='hashtag' data-tag='2hu' href='http://localhost:4001/tag/2hu' rel='tag'>#2hu</a>" + ~s(I love <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe" rel="tag ugc">#cofe</a> and <a class="hashtag" data-tag="2hu" href="http://localhost:4001/tag/2hu" rel="tag ugc">#2hu</a>) assert {^expected_text, [], _tags} = Formatter.linkify(text) end @@ -28,7 +28,7 @@ defmodule Pleroma.FormatterTest do text = "#fact_3: pleroma does what mastodon't" expected_text = - "<a class='hashtag' data-tag='fact_3' href='http://localhost:4001/tag/fact_3' rel='tag'>#fact_3</a>: pleroma does what mastodon't" + ~s(<a class="hashtag" data-tag="fact_3" href="http://localhost:4001/tag/fact_3" rel="tag ugc">#fact_3</a>: pleroma does what mastodon't) assert {^expected_text, [], _tags} = Formatter.linkify(text) end @@ -39,21 +39,21 @@ defmodule Pleroma.FormatterTest do text = "Hey, check out https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla ." expected = - "Hey, check out <a href=\"https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla\">https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla</a> ." + ~S(Hey, check out <a href="https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla" rel="ugc">https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla</a> .) assert {^expected, [], []} = Formatter.linkify(text) text = "https://mastodon.social/@lambadalambda" expected = - "<a href=\"https://mastodon.social/@lambadalambda\">https://mastodon.social/@lambadalambda</a>" + ~S(<a href="https://mastodon.social/@lambadalambda" rel="ugc">https://mastodon.social/@lambadalambda</a>) assert {^expected, [], []} = Formatter.linkify(text) text = "https://mastodon.social:4000/@lambadalambda" expected = - "<a href=\"https://mastodon.social:4000/@lambadalambda\">https://mastodon.social:4000/@lambadalambda</a>" + ~S(<a href="https://mastodon.social:4000/@lambadalambda" rel="ugc">https://mastodon.social:4000/@lambadalambda</a>) assert {^expected, [], []} = Formatter.linkify(text) @@ -63,55 +63,57 @@ defmodule Pleroma.FormatterTest do assert {^expected, [], []} = Formatter.linkify(text) text = "http://www.cs.vu.nl/~ast/intel/" - expected = "<a href=\"http://www.cs.vu.nl/~ast/intel/\">http://www.cs.vu.nl/~ast/intel/</a>" + + expected = + ~S(<a href="http://www.cs.vu.nl/~ast/intel/" rel="ugc">http://www.cs.vu.nl/~ast/intel/</a>) assert {^expected, [], []} = Formatter.linkify(text) text = "https://forum.zdoom.org/viewtopic.php?f=44&t=57087" expected = - "<a href=\"https://forum.zdoom.org/viewtopic.php?f=44&t=57087\">https://forum.zdoom.org/viewtopic.php?f=44&t=57087</a>" + "<a href=\"https://forum.zdoom.org/viewtopic.php?f=44&t=57087\" rel=\"ugc\">https://forum.zdoom.org/viewtopic.php?f=44&t=57087</a>" assert {^expected, [], []} = Formatter.linkify(text) text = "https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul" expected = - "<a href=\"https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul\">https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul</a>" + "<a href=\"https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul\" rel=\"ugc\">https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul</a>" assert {^expected, [], []} = Formatter.linkify(text) text = "https://www.google.co.jp/search?q=Nasim+Aghdam" expected = - "<a href=\"https://www.google.co.jp/search?q=Nasim+Aghdam\">https://www.google.co.jp/search?q=Nasim+Aghdam</a>" + "<a href=\"https://www.google.co.jp/search?q=Nasim+Aghdam\" rel=\"ugc\">https://www.google.co.jp/search?q=Nasim+Aghdam</a>" assert {^expected, [], []} = Formatter.linkify(text) text = "https://en.wikipedia.org/wiki/Duff's_device" expected = - "<a href=\"https://en.wikipedia.org/wiki/Duff's_device\">https://en.wikipedia.org/wiki/Duff's_device</a>" + "<a href=\"https://en.wikipedia.org/wiki/Duff's_device\" rel=\"ugc\">https://en.wikipedia.org/wiki/Duff's_device</a>" assert {^expected, [], []} = Formatter.linkify(text) text = "https://pleroma.com https://pleroma.com/sucks" expected = - "<a href=\"https://pleroma.com\">https://pleroma.com</a> <a href=\"https://pleroma.com/sucks\">https://pleroma.com/sucks</a>" + "<a href=\"https://pleroma.com\" rel=\"ugc\">https://pleroma.com</a> <a href=\"https://pleroma.com/sucks\" rel=\"ugc\">https://pleroma.com/sucks</a>" assert {^expected, [], []} = Formatter.linkify(text) text = "xmpp:contact@hacktivis.me" - expected = "<a href=\"xmpp:contact@hacktivis.me\">xmpp:contact@hacktivis.me</a>" + expected = "<a href=\"xmpp:contact@hacktivis.me\" rel=\"ugc\">xmpp:contact@hacktivis.me</a>" assert {^expected, [], []} = Formatter.linkify(text) text = "magnet:?xt=urn:btih:7ec9d298e91d6e4394d1379caf073c77ff3e3136&tr=udp%3A%2F%2Fopentor.org%3A2710&tr=udp%3A%2F%2Ftracker.blackunicorn.xyz%3A6969&tr=udp%3A%2F%2Ftracker.ccc.de%3A80&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=wss%3A%2F%2Ftracker.btorrent.xyz&tr=wss%3A%2F%2Ftracker.fastcast.nz&tr=wss%3A%2F%2Ftracker.openwebtorrent.com" - expected = "<a href=\"#{text}\">#{text}</a>" + expected = "<a href=\"#{text}\" rel=\"ugc\">#{text}</a>" assert {^expected, [], []} = Formatter.linkify(text) end @@ -135,13 +137,13 @@ defmodule Pleroma.FormatterTest do assert length(mentions) == 3 expected_text = - "<span class='h-card'><a data-user='#{gsimg.id}' class='u-url mention' href='#{ + ~s(<span class="h-card"><a data-user="#{gsimg.id}" class="u-url mention" href="#{ gsimg.ap_id - }'>@<span>gsimg</span></a></span> According to <span class='h-card'><a data-user='#{ + }" rel="ugc">@<span>gsimg</span></a></span> According to <span class="h-card"><a data-user="#{ archaeme.id - }' class='u-url mention' href='#{"https://archeme/@archa_eme_"}'>@<span>archa_eme_</span></a></span>, that is @daggsy. Also hello <span class='h-card'><a data-user='#{ + }" class="u-url mention" href="#{"https://archeme/@archa_eme_"}" rel="ugc">@<span>archa_eme_</span></a></span>, that is @daggsy. Also hello <span class="h-card"><a data-user="#{ archaeme_remote.id - }' class='u-url mention' href='#{archaeme_remote.ap_id}'>@<span>archaeme</span></a></span>" + }" class="u-url mention" href="#{archaeme_remote.ap_id}" rel="ugc">@<span>archaeme</span></a></span>) assert expected_text == text end @@ -156,7 +158,9 @@ defmodule Pleroma.FormatterTest do assert length(mentions) == 1 expected_text = - "<span class='h-card'><a data-user='#{mike.id}' class='u-url mention' href='#{mike.ap_id}'>@<span>mike</span></a></span> test" + ~s(<span class="h-card"><a data-user="#{mike.id}" class="u-url mention" href="#{ + mike.ap_id + }" rel="ugc">@<span>mike</span></a></span> test) assert expected_text == text end @@ -170,7 +174,7 @@ defmodule Pleroma.FormatterTest do assert length(mentions) == 1 expected_text = - "<span class='h-card'><a data-user='#{o.id}' class='u-url mention' href='#{o.ap_id}'>@<span>o</span></a></span> hi" + ~s(<span class="h-card"><a data-user="#{o.id}" class="u-url mention" href="#{o.ap_id}" rel="ugc">@<span>o</span></a></span> hi) assert expected_text == text end @@ -192,13 +196,17 @@ defmodule Pleroma.FormatterTest do assert mentions == [{"@#{user.nickname}", user}, {"@#{other_user.nickname}", other_user}] assert expected_text == - "<span class='h-card'><a data-user='#{user.id}' class='u-url mention' href='#{ + ~s(<span class="h-card"><a data-user="#{user.id}" class="u-url mention" href="#{ user.ap_id - }'>@<span>#{user.nickname}</span></a></span> <span class='h-card'><a data-user='#{ + }" rel="ugc">@<span>#{user.nickname}</span></a></span> <span class="h-card"><a data-user="#{ other_user.id - }' class='u-url mention' href='#{other_user.ap_id}'>@<span>#{other_user.nickname}</span></a></span> hey dudes i hate <span class='h-card'><a data-user='#{ + }" class="u-url mention" href="#{other_user.ap_id}" rel="ugc">@<span>#{ + other_user.nickname + }</span></a></span> hey dudes i hate <span class="h-card"><a data-user="#{ third_user.id - }' class='u-url mention' href='#{third_user.ap_id}'>@<span>#{third_user.nickname}</span></a></span>" + }" class="u-url mention" href="#{third_user.ap_id}" rel="ugc">@<span>#{ + third_user.nickname + }</span></a></span>) end test "given the 'safe_mention' option, it will still work without any mention" do diff --git a/test/user_test.exs b/test/user_test.exs index 39ba69668..6852fcd40 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -1294,9 +1294,9 @@ defmodule Pleroma.UserTest do bio = "A.k.a. @nick@domain.com" expected_text = - "A.k.a. <span class='h-card'><a data-user='#{remote_user.id}' class='u-url mention' href='#{ + ~s(A.k.a. <span class="h-card"><a data-user="#{remote_user.id}" class="u-url mention" href="#{ remote_user.ap_id - }'>@<span>nick@domain.com</span></a></span>" + }" rel="ugc">@<span>nick@domain.com</span></a></span>) assert expected_text == User.parse_bio(bio, user) end diff --git a/test/web/common_api/common_api_utils_test.exs b/test/web/common_api/common_api_utils_test.exs index 230146451..2588898d0 100644 --- a/test/web/common_api/common_api_utils_test.exs +++ b/test/web/common_api/common_api_utils_test.exs @@ -157,11 +157,11 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do text = "**hello world**\n\n*another @user__test and @user__test google.com paragraph*" expected = - "<p><strong>hello world</strong></p>\n<p><em>another <span class=\"h-card\"><a data-user=\"#{ + ~s(<p><strong>hello world</strong></p>\n<p><em>another <span class="h-card"><a data-user="#{ user.id - }\" class=\"u-url mention\" href=\"http://foo.com/user__test\">@<span>user__test</span></a></span> and <span class=\"h-card\"><a data-user=\"#{ + }" class="u-url mention" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> and <span class="h-card"><a data-user="#{ user.id - }\" class=\"u-url mention\" href=\"http://foo.com/user__test\">@<span>user__test</span></a></span> <a href=\"http://google.com\">google.com</a> paragraph</em></p>\n" + }" class="u-url mention" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> <a href="http://google.com" rel="ugc">google.com</a> paragraph</em></p>\n) {output, _, _} = Utils.format_input(text, "text/markdown") diff --git a/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs b/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs index 89d4ca37e..560f55137 100644 --- a/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs +++ b/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs @@ -86,10 +86,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do assert user = json_response(conn, 200) assert user["note"] == - ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe" rel="tag">#cofe</a> with <span class="h-card"><a data-user=") <> - user2.id <> - ~s(" class="u-url mention" href=") <> - user2.ap_id <> ~s(">@<span>) <> user2.nickname <> ~s(</span></a></span>) + ~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a data-user="#{ + user2.id + }" class="u-url mention" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span>) end test "updates the user's locking status", %{conn: conn} do @@ -334,7 +333,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do assert account["fields"] == [ %{"name" => "foo", "value" => "bar"}, - %{"name" => "link", "value" => "<a href=\"http://cofe.io\">cofe.io</a>"} + %{"name" => "link", "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)} ] assert account["source"]["fields"] == [ diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 51f5215c2..73a3bf135 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -1014,9 +1014,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do |> get("/api/v1/notifications") expected_response = - "hi <span class=\"h-card\"><a data-user=\"#{user.id}\" class=\"u-url mention\" href=\"#{ + ~s(hi <span class="h-card"><a data-user="#{user.id}" class="u-url mention" href="#{ user.ap_id - }\">@<span>#{user.nickname}</span></a></span>" + }" rel="ugc">@<span>#{user.nickname}</span></a></span>) assert [%{"status" => %{"content" => response}} | _rest] = json_response(conn, 200) assert response == expected_response @@ -1036,9 +1036,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do |> get("/api/v1/notifications/#{notification.id}") expected_response = - "hi <span class=\"h-card\"><a data-user=\"#{user.id}\" class=\"u-url mention\" href=\"#{ + ~s(hi <span class="h-card"><a data-user="#{user.id}" class="u-url mention" href="#{ user.ap_id - }\">@<span>#{user.nickname}</span></a></span>" + }" rel="ugc">@<span>#{user.nickname}</span></a></span>) assert %{"status" => %{"content" => response}} = json_response(conn, 200) assert response == expected_response diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs index 08f264431..bf1e233f5 100644 --- a/test/web/twitter_api/twitter_api_test.exs +++ b/test/web/twitter_api/twitter_api_test.exs @@ -109,7 +109,9 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do {:ok, user2} = TwitterAPI.register_user(data2) expected_text = - "<span class='h-card'><a data-user='#{user1.id}' class='u-url mention' href='#{user1.ap_id}'>@<span>john</span></a></span> test" + ~s(<span class="h-card"><a data-user="#{user1.id}" class="u-url mention" href="#{ + user1.ap_id + }" rel="ugc">@<span>john</span></a></span> test) assert user2.bio == expected_text end |