From 3e41e6531b47d8c61703699a60edd1dce89cab95 Mon Sep 17 00:00:00 2001 From: "Bernhard M. Wiedemann" Date: Fri, 24 Mar 2023 15:40:00 +0100 Subject: [PATCH] Tag hyperlinks with nofollow Bots are spamming us with hyperlinks to unrelated sites to increase their pages' score in search engines. By adding rel="nofollow", this will be disincentivised. Fixes #14189 Co-authored-by: Jacob Michalskie --- src/api/app/helpers/webui/markdown_helper.rb | 2 +- .../helpers/webui/markdown_helper_spec.rb | 20 +++++++++---------- src/api/spec/mailers/event_mailer_spec.rb | 4 ++-- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/src/api/app/helpers/webui/markdown_helper.rb b/src/api/app/helpers/webui/markdown_helper.rb index 45cf4cf03fc..76f8808b0ce 100644 --- a/src/api/app/helpers/webui/markdown_helper.rb +++ b/src/api/app/helpers/webui/markdown_helper.rb @@ -8,7 +8,7 @@ def render_as_markdown(content) autolink: true, no_intra_emphasis: true, fenced_code_blocks: true, disable_indented_code_blocks: true) - ActionController::Base.helpers.sanitize(@md_parser.render(content.dup.to_s)) + ActionController::Base.helpers.sanitize(@md_parser.render(content.dup.to_s), scrubber: Loofah::Scrubbers::NoFollow.new) end def render_without_markdown(content) diff --git a/src/api/spec/helpers/webui/markdown_helper_spec.rb b/src/api/spec/helpers/webui/markdown_helper_spec.rb index d2c72c495b8..90163f66f96 100644 --- a/src/api/spec/helpers/webui/markdown_helper_spec.rb +++ b/src/api/spec/helpers/webui/markdown_helper_spec.rb @@ -4,35 +4,35 @@ describe '#render_as_markdown' do it 'renders markdown links to html links' do expect(render_as_markdown('[my link](https://github.com/openSUSE/open-build-service/issues/5091)')).to eq( - "
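Review bot: Passing `scrubber:` to `sanitize` in `render_as_markdown` replaces Rails' default safe-list scrubbing rather than adding to it (the Rails docs state that a custom scrubber takes precedence over the tag and attribute lists). `Loofah::Scrubbers::NoFollow` only adds `rel="nofollow"` to links, so after this change nothing on this line strips disallowed tags or attributes from the rendered Markdown. Whether raw HTML from user content can reach this call depends on how the renderer behind `@md_parser` is configured, which starts above the hunk, but the helper should not rely on that alone. Keep the default pass and apply nofollow as a second step: `safe = ActionController::Base.helpers.sanitize(@md_parser.render(content.dup.to_s))` followed by `ActionController::Base.helpers.sanitize(safe, scrubber: Loofah::Scrubbers::NoFollow.new)`. A spec case that feeds raw HTML carrying a disallowed attribute and expects it to be removed would pin this behaviour.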

my link

\n" + "

my link

\n" ) end it 'adds the OBS domain to relative links' do expect(render_as_markdown('[my link](/here)')).to eq( - "

my link

\n" + "

my link

\n" ) end it 'detects all the mentions to users' do expect(render_as_markdown('@alfie @milo and @Admin, please review. Also you, @test1 and @user.name.')).to eq( - '

@alfie ' \ - '@milo ' \ - 'and @Admin, ' \ - 'please review. Also you, @test1 ' \ - "and @user.name.

\n" + '

@alfie ' \ + '@milo ' \ + 'and @Admin, ' \ + 'please review. Also you, @test1 ' \ + "and @user.name.

\n" ) end it "doesn't render users inside the text of html links" do expect(render_as_markdown('Group [openSUSE Leap 15.0 Incidents@DVD-Incidents](https://openqa.opensuse.org/tests/overview)')).to eq( - "

Group openSUSE Leap 15.0 Incidents@DVD-Incidents

\n" + "

Group openSUSE Leap 15.0 Incidents@DVD-Incidents

\n" ) end it 'does not crash due to invalid URIs' do expect(render_as_markdown("anbox[400000+22d000]\r\n(the number)")).to eq( - "

anbox400000+22d000

\n" + "

anbox400000+22d000

\n" ) end @@ -60,7 +60,7 @@ it 'does remove dangerous html from inside the links' do expect(render_as_markdown('[](https://build.opensuse.org)')).to eq( - "

<script></script>

\n" + "

<script></script>

\n" ) end diff --git a/src/api/spec/mailers/event_mailer_spec.rb b/src/api/spec/mailers/event_mailer_spec.rb index e73dfbde324..68b364ded35 100644 --- a/src/api/spec/mailers/event_mailer_spec.rb +++ b/src/api/spec/mailers/event_mailer_spec.rb @@ -78,8 +78,8 @@ end it 'renders links absolute' do - expected_html = "

Hey @#{receiver.login} " - expected_html += 'how are things? Look at bug please.' + expected_html = "

Hey @#{receiver.login} " + expected_html += 'how are things? Look at bug please.' expect(mail.html_part.to_s).to include(expected_html) end