(chore): add ugc to blog links

eff0477f · Mark Harding · 66f4f9cd · eff0477f · eff0477f
Commit eff0477f authored 10 minutes ago by Mark Harding
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 5 deletions
--- a/Core/Security/XSS/GenericRule.php
+++ b/Core/Security/XSS/GenericRule.php
@@ -163,7 +163,7 @@ class GenericRule implements Interfaces\XSSRule
            //make all urls force open in a new tab/window
            if ($element->nodeName == 'a') {
                $element->setAttribute('target', '_blank');
-                $element->setAttribute('rel', 'noopener noreferrer nofollow'); //nofollow hurts spammers
+                $element->setAttribute('rel', 'noopener noreferrer nofollow ugc'); //nofollow hurts spammers
            }
        }


--- a/Spec/Core/Security/XSSSpec.php
+++ b/Spec/Core/Security/XSSSpec.php
@@ -39,25 +39,25 @@ class XSSSpec extends ObjectBehavior
    public function it_should_dissallow_onClick_attributes()
    {
        $dirty = "<a onclick=\"console.log('hmmm...')\">click me</a>";
-        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a target=\"_blank\" rel=\"noopener noreferrer nofollow\">click me</a>");
+        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a target=\"_blank\" rel=\"noopener noreferrer nofollow ugc\">click me</a>");
    }

    public function it_should_allow_href_on_anchor_tags()
    {
        $dirty = "<a href=\"https://www.minds.com\">take me home</a>";
-        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a href=\"https://www.minds.com\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">take me home</a>");
+        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a href=\"https://www.minds.com\" target=\"_blank\" rel=\"noopener noreferrer nofollow ugc\">take me home</a>");
    }

    public function it_should_not_allow_bad_url_schemes()
    {
        $dirty = "<a href=\"javascript:alert('HEYHO')\">bad scheme here</a>";
-        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a href=\"alert('HEYHO')\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">bad scheme here</a>");
+        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a href=\"alert('HEYHO')\" target=\"_blank\" rel=\"noopener noreferrer nofollow ugc\">bad scheme here</a>");
    }

    public function it_should_not_allow_bad_url_schemes_with_case_hacks()
    {
        $dirty = "<a href=\"Javascript:alert('HEYHO')\">bad scheme here</a>";
-        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a href=\"alert('HEYHO')\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">bad scheme here</a>");
+        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a href=\"alert('HEYHO')\" target=\"_blank\" rel=\"noopener noreferrer nofollow ugc\">bad scheme here</a>");
    }

    public function it_should_not_allow_bad_url_schemes_from_multiple_keywords()