From 914045f3e49d332a7c8462c0d8669716cb2ca47c Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 15 Apr 2016 00:11:20 +0200 Subject: [PATCH 1/2] add rel=noopener to links opening in new window This is a security measurement supported in Chrome and Opera (and probably other browsers soonish) See http://mathiasbynens.github.io/rel-noopener/ for rationale --- inc/parser/xhtml.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/inc/parser/xhtml.php b/inc/parser/xhtml.php index 9d7613f32c..0331c3d399 100644 --- a/inc/parser/xhtml.php +++ b/inc/parser/xhtml.php @@ -938,10 +938,12 @@ function externallink($url, $name = null, $returnonly = false) { $link['more'] = ''; $link['class'] = $class; $link['url'] = $url; + $link['rel'] = ''; $link['name'] = $name; $link['title'] = $this->_xmlEntities($url); - if($conf['relnofollow']) $link['more'] .= ' rel="nofollow"'; + if($conf['relnofollow']) $link['rel'] .= ' nofollow'; + if($conf['target']['extern']) $link['rel'] .= ' noopener'; //output formatted if($returnonly) { @@ -971,6 +973,7 @@ function interwikilink($match, $name = null, $wikiName, $wikiUri, $returnonly = $link['suf'] = ''; $link['more'] = ''; $link['name'] = $this->_getLinkTitle($name, $wikiUri, $isImage); + $link['rel'] = ''; //get interwiki URL $exists = null; @@ -992,9 +995,10 @@ function interwikilink($match, $name = null, $wikiName, $wikiUri, $returnonly = $link['class'] .= ' wikilink1'; } else { $link['class'] .= ' wikilink2'; - $link['rel'] = 'nofollow'; + $link['rel'] .= ' nofollow'; } } + if($conf['target']['interwiki']) $link['rel'] .= ' noopener'; $link['url'] = $url; $link['title'] = htmlspecialchars($link['url']); @@ -1448,7 +1452,7 @@ function _formatLink($link) { if(!empty($link['target'])) $ret .= ' target="'.$link['target'].'"'; if(!empty($link['title'])) $ret .= ' title="'.$link['title'].'"'; if(!empty($link['style'])) $ret .= ' style="'.$link['style'].'"'; - if(!empty($link['rel'])) $ret .= ' rel="'.$link['rel'].'"'; + if(!empty($link['rel'])) $ret .= ' rel="'.trim($link['rel']).'"'; if(!empty($link['more'])) $ret .= ' '.$link['more']; $ret .= '>'; $ret .= $link['name']; @@ -1682,6 +1686,7 @@ function _getMediaLinkConf($src, $title, $align, $width, $height, $cache, $rende $link['suf'] = ''; $link['more'] = ''; $link['target'] = $conf['target']['media']; + if($conf['target']['media']) $link['rel'] = 'nofollow'; $link['title'] = $this->_xmlEntities($src); $link['name'] = $this->_media($src, $title, $align, $width, $height, $cache, $render); From bc3d225268cdc8282f1a5af080929d5e7ee4aa51 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Mon, 18 Apr 2016 19:07:11 +0200 Subject: [PATCH 2/2] fixed typo from nofollow to noopener --- inc/parser/xhtml.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/parser/xhtml.php b/inc/parser/xhtml.php index 0331c3d399..236409b45a 100644 --- a/inc/parser/xhtml.php +++ b/inc/parser/xhtml.php @@ -1686,7 +1686,7 @@ function _getMediaLinkConf($src, $title, $align, $width, $height, $cache, $rende $link['suf'] = ''; $link['more'] = ''; $link['target'] = $conf['target']['media']; - if($conf['target']['media']) $link['rel'] = 'nofollow'; + if($conf['target']['media']) $link['rel'] = 'noopener'; $link['title'] = $this->_xmlEntities($src); $link['name'] = $this->_media($src, $title, $align, $width, $height, $cache, $render);