Commit f9dd1402 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'add_noreferrer_to_all_links' into 'master'

Add nofollow to all external links

Fixes #1224
parents 0d475208 4a03bbe4
...@@ -231,4 +231,31 @@ module ApplicationHelper ...@@ -231,4 +231,31 @@ module ApplicationHelper
content_tag(:i, nil, class: 'icon-spinner icon-spin') + text content_tag(:i, nil, class: 'icon-spinner icon-spin') + text
end end
end end
def link_to(name = nil, options = nil, html_options = nil, &block)
begin
uri = URI(options)
host = uri.host
absolute_uri = uri.absolute?
rescue URI::InvalidURIError, ArgumentError
host = nil
absolute_uri = nil
end
# Add "nofollow" only to external links
if host && host != Gitlab.config.gitlab.host && absolute_uri
if html_options
if html_options[:rel]
html_options[:rel] << " nofollow"
else
html_options.merge!(rel: "nofollow")
end
else
html_options = Hash.new
html_options[:rel] = "nofollow"
end
end
super
end
end end
...@@ -195,4 +195,27 @@ describe ApplicationHelper do ...@@ -195,4 +195,27 @@ describe ApplicationHelper do
simple_sanitize(input).should == a_tag simple_sanitize(input).should == a_tag
end end
end end
describe "link_to" do
it "should not include rel=nofollow for internal links" do
expect(link_to("Home", root_path)).to eq("<a href=\"/\">Home</a>")
end
it "should include rel=nofollow for external links" do
expect(link_to("Example", "http://www.example.com")).to eq("<a href=\"http://www.example.com\" rel=\"nofollow\">Example</a>")
end
it "should include re=nofollow for external links and honor existing html_options" do
expect(
link_to("Example", "http://www.example.com", class: "toggle", data: {toggle: "dropdown"})
).to eq("<a class=\"toggle\" data-toggle=\"dropdown\" href=\"http://www.example.com\" rel=\"nofollow\">Example</a>")
end
it "should include rel=nofollow for external links and preserver other rel values" do
expect(
link_to("Example", "http://www.example.com", rel: "noreferrer")
).to eq("<a href=\"http://www.example.com\" rel=\"noreferrer nofollow\">Example</a>")
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment