From 05822d6f970faad8ce4de2a9a7ae072eb555ef42 Mon Sep 17 00:00:00 2001
From: Tomas
Date: Tue, 14 Sep 2021 10:12:42 +0300
Subject: [PATCH] Add `rel` config option for links
---
.../Basic/NodeVisitor/ANodeVisitor.php | 4 ++
tests/FullSanitizerTest.php | 41 ++++++++++---------
2 files changed, 25 insertions(+), 20 deletions(-)
diff --git a/src/Extension/Basic/NodeVisitor/ANodeVisitor.php b/src/Extension/Basic/NodeVisitor/ANodeVisitor.php
index 244db59..d5b94f4 100644
--- a/src/Extension/Basic/NodeVisitor/ANodeVisitor.php
+++ b/src/Extension/Basic/NodeVisitor/ANodeVisitor.php
@@ -62,6 +62,7 @@ public function getDefaultConfiguration(): array
 'allowed_hosts' => null,
 'allow_mailto' => true,
 'force_https' => false,
+ 'rel' => null,
 ];
 }
@@ -69,6 +70,9 @@ protected function createNode(\DOMNode $domNode, Cursor $cursor): NodeInterface
 {
 $node = new ANode($cursor->node);
 $node->setAttribute('href', $this->sanitizer->sanitize($this->getAttribute($domNode, 'href')));
+ if ($this->config['rel'] !== null) {
+ $node->setAttribute('rel', $this->config['rel']);
+ }
 return $node;
 }
diff --git a/tests/FullSanitizerTest.php b/tests/FullSanitizerTest.php
index 99b52eb..66b1917 100644
--- a/tests/FullSanitizerTest.php
+++ b/tests/FullSanitizerTest.php
@@ -29,6 +29,7 @@ public function createSanitizer(): SanitizerInterface
 'allowed_hosts' => ['trusted.com', 'external.com'],
 'allow_mailto' => true,
 'force_https' => false,
+ 'rel' => 'noopener',
 ],
 'blockquote' => [
 'allowed_attributes' => ['data-attr'],
@@ -196,19 +197,19 @@ public function provideFixtures(): array
 ],
 [
 'Lorem ipsum',
- 'Lorem ipsum',
+ 'Lorem ipsum',
 ],
 [
 'Lorem ipsum',
- 'Lorem ipsum',
+ 'Lorem ipsum',
 ],
 [
 'Lorem ipsum',
- 'Lorem ipsum',
+ 'Lorem ipsum',
 ],
 [
 'Lorem ipsum',
- 'Lorem ipsum',
+ 'Lorem ipsum',
 ],
 [
 '
Lorem ipsum
',
@@ -445,47 +446,47 @@ public function provideFixtures(): array
 [
 'Test',
- 'Test',
+ 'Test',
 ],
 [
 'Test',
- 'Test',
+ 'Test',
 ],
 [
 'Test',
- 'Test',
+ 'Test',
 ],
 [
 'Test',
- 'Test',
+ 'Test',
 ],
 [
 'Test',
- 'Test',
+ 'Test',
 ],
 [
 'Test',
- 'Test',
+ 'Test',
 ],
 [
 'Lorem ipsum',
- 'Lorem ipsum',
+ 'Lorem ipsum',
 ],
 [
 'Lorem ipsum',
- 'Lorem ipsum',
+ 'Lorem ipsum',
 ],
 [
 'Lorem ipsum',
- 'Lorem ipsum',
+ 'Lorem ipsum',
 ],
 [
 'Lorem ipsum',
- 'Lorem ipsum',
+ 'Lorem ipsum',
 ],
 [
 'Lorem ipsum',
- 'Lorem ipsum',
+ 'Lorem ipsum',
 ],
 // Inspired by https://twitter.com/brutelogic/status/1066333383276593152?s=19
@@ -497,7 +498,7 @@ public function provideFixtures(): array
 // Inspired by https://html5sec.org
 [
 'Lorem ipsum',
- 'Lorem ipsum',
+ 'Lorem ipsum',
 ],
 /*
@@ -514,7 +515,7 @@ public function provideFixtures(): array
 ],
 [
 'Lorem ipsum dolor sit amet, consectetur adipisicing elit.',
- 'Lorem ipsum dolor sit amet, consectetur adipisicing elit.',
+ 'Lorem ipsum dolor sit amet, consectetur adipisicing elit.',
 ],
 [
 '',
@@ -526,7 +527,7 @@ public function provideFixtures(): array
 ],
 [
 '<a href="javascript:evil"/>',
- 'a href="javascript:evil"/>',
+ 'a href="javascript:evil"/>',
 ],
 [
 '!!',
@@ -546,7 +547,7 @@ public function provideFixtures(): array
 ],
 [
 'ipt>alert(1)',
- 'ipt>alert(1)',
+ 'ipt>alert(1)',
 ],
 /*
@@ -563,7 +564,7 @@ public function provideFixtures(): array
 ],
 [
 'Lorem ipsum dolor sit amet, consectetur.',
- 'Lorem ipsum dolor sit amet, consectetur.',
+ 'Lorem ipsum dolor sit amet, consectetur.',
 ],
 ]);
 }
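Review bot: The new `rel` write in `createNode` fires whenever the option is non-null, but nothing in this hunk settles how it interacts with a `rel` attribute already present on the input `<a>`: if the base visitor copies `allowed_attributes` onto the node after `createNode` returns (not visible from here), an attacker-supplied `rel` would overwrite the configured `noopener`, and if it copies before, a user `rel` that the operator allowed is silently replaced — the intended outcome deserves an explicit statement in the code. The config value is also forwarded to `setAttribute` unvalidated; an `\is_string($this->config['rel'])` guard in the condition, or a one-line comment stating that only a non-empty string is accepted, would make the contract explicit rather than relying on a TypeError from the DOM layer. The `getDefaultConfiguration` hunk above starts mid-array; a comment on the new entry such as `// null: do not touch rel; a string (e.g. 'noopener noreferrer') is written onto every <a>` would document the default for operators reading the defaults.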
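Review bot: Every fixture in this file now runs with `'rel' => 'noopener'` (the `createSanitizer` hunk), so the rewritten expectations only cover the configured-string path; neither the default `null` path nor an input `<a>` that already carries its own `rel` is exercised by these hunks. The rendered markup has been stripped from the fixtures as shown here, so I cannot tell whether any existing input supplies `rel`; if none does, a fixture whose input is an allowed-host link with `rel="opener"` and whose expected output is whichever value the visitor is meant to emit would pin the override order. A second sanitizer built with `'rel' => null`, asserting the attribute is absent from the output, would pin the default behaviour that `getDefaultConfiguration` now promises.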