From b100b9600eff213cba4088e42f7cc11e452436ee Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Mon, 24 Feb 2020 20:07:34 -0500
Subject: [PATCH] Add rel="noopener noreferrer" to all target="_blank" links
See https://mathiasbynens.github.io/rel-noopener/
---
doc/BBCode.md | 6 ++--
doc/de/BBCode.md | 6 ++--
doc/de/Chats.md | 4 +--
doc/de/Developers.md | 2 +-
src/Content/Text/BBCode.php | 28 +++++++++----------
src/Content/Text/HTML.php | 2 +-
src/Model/Item.php | 2 +-
src/Model/Term.php | 8 +++---
src/Module/Admin/Tos.php | 2 +-
.../datasets/content/text/html/bug-7474.html | 2 +-
tests/src/Content/Text/BBCodeTest.php | 10 +++----
view/templates/event.tpl | 2 +-
view/templates/events.tpl | 2 +-
view/templates/profile/vcard.tpl | 2 +-
view/templates/shared_content.tpl | 6 ++--
view/templates/wall_thread.tpl | 4 +--
view/templates/widget_forumlist.tpl | 4 +--
view/theme/frio/templates/profile/vcard.tpl | 4 +--
view/theme/quattro/templates/events.tpl | 2 +-
.../quattro/templates/widget_forumlist.tpl | 4 +--
view/theme/vier/templates/profile/vcard.tpl | 2 +-
.../vier/templates/widget_forumlist_right.tpl | 4 +--
22 files changed, 54 insertions(+), 54 deletions(-)
diff --git a/doc/BBCode.md b/doc/BBCode.md
index b13d08119..cab51bd09 100644
--- a/doc/BBCode.md
+++ b/doc/BBCode.md
@@ -113,17 +113,17 @@ table.bbcodes > * > tr > th { [bookmark]http://friendi.ca[/bookmark]

#^[url]http://friendi.ca[/url] -

Friendica: http://friendi.ca

+

Friendica: http://friendi.ca

[bookmark=http://friendi.ca]Bookmark[/bookmark]

#^[url=http://friendi.ca]Bookmark[/url]

#[url=http://friendi.ca]^[/url][url=http://friendi.ca]Bookmark[/url] -

Friendica: Bookmark

+

Friendica: Bookmark

[url=/posts/f16d77b0630f0134740c0cc47a0ea02a]Diaspora post with GUID[/url] - Diaspora post with GUID + Diaspora post with GUID #Friendica diff --git a/doc/de/BBCode.md b/doc/de/BBCode.md index 5789be2e5..1db798427 100644 --- a/doc/de/BBCode.md +++ b/doc/de/BBCode.md @@ -113,17 +113,17 @@ table.bbcodes > * > tr > th { [bookmark]http://friendi.ca[/bookmark]

#^[url]http://friendi.ca[/url] -

Friendica: http://friendi.ca

+

Friendica: http://friendi.ca

[bookmark=http://friendi.ca]Lesezeichen[/bookmark]

#^[url=http://friendi.ca]Lesezeichen[/url]

#[url=http://friendi.ca]^[/url][url=http://friendi.ca]Lesezeichen[/url] -

Friendica: Lesezeichen

+

Friendica: Lesezeichen

[url=/posts/f16d77b0630f0134740c0cc47a0ea02a]Diaspora Beitrag mit GUID[/url] - Diaspora Beitrag mit GUID + Diaspora Beitrag mit GUID #Friendica diff --git a/doc/de/Chats.md b/doc/de/Chats.md index 77dfdeb44..9c1a82b18 100644 --- a/doc/de/Chats.md +++ b/doc/de/Chats.md @@ -25,13 +25,13 @@ In den ersten Zeilen wird Dir Dein Name und Deine aktuelle IP-Adresse angezeigt. Rechts im Fenster siehst Du alle Teilnehmer des Chats. Unten hast Du ein Eingabefeld, um Beiträge zu schreiben. -Weiter Informationen zu IRC findest Du zum Beispiel auf ubuntuusers.de, in Wikipedia oder bei icrhelp.org (in Englisch). +Weiter Informationen zu IRC findest Du zum Beispiel auf ubuntuusers.de, in Wikipedia oder bei icrhelp.org (in Englisch). ## Jappix Mini Das Jappix Mini Addon erlaubt das Erstellen einer Chatbox für Jabber/XMPP-Kontakte. Ein Jabber/XMPP Account sollte vor der Installation bereits vorhanden sein. -Die ausführliche Anleitung dazu und eine Kontrolle, ob Du nicht sogar schon über Deinen E-Mail Anbieter einen Jabber-Account hast, findest Du unter einfachjabber.de. +Die ausführliche Anleitung dazu und eine Kontrolle, ob Du nicht sogar schon über Deinen E-Mail Anbieter einen Jabber-Account hast, findest Du unter einfachjabber.de. Einige Server zum Anmelden eines neuen Accounts: diff --git a/doc/de/Developers.md b/doc/de/Developers.md index 2b44e405f..4c5e4a62b 100644 --- a/doc/de/Developers.md +++ b/doc/de/Developers.md @@ -26,4 +26,4 @@ Dies gilt vor allem für Übersetzungen, da wir hier möglicherweise nicht alle Außerdem: **teste Deine Änderungen!** Vergiss nicht, dass eine simple Fehlerlösung einen anderen Fehler auslösen kann. Lass Deine Änderungen von einem erfahrenen Friendica-Entwickler gegenprüfen. -Eine ausführliche Anleitung zu Git findest Du unter https://git-scm.com/book/de/v1. +Eine ausführliche Anleitung zu Git findest Du unter https://git-scm.com/book/de/v1. diff --git a/src/Content/Text/BBCode.php b/src/Content/Text/BBCode.php index 7b4b7b73d..9ea077507 100644 
--- a/src/Content/Text/BBCode.php +++ b/src/Content/Text/BBCode.php @@ -634,12 +634,12 @@ class BBCode if (!empty($data['title']) && !empty($data['url'])) { if (!empty($data['image']) && empty($data['text']) && ($data['type'] == 'photo')) { - $return .= sprintf('', $data['url'], self::proxyUrl($data['image'], $simplehtml), $data['title']); + $return .= sprintf('', $data['url'], self::proxyUrl($data['image'], $simplehtml), $data['title']); } else { if (!empty($data['image'])) { - $return .= sprintf('
', $data['url'], self::proxyUrl($data['image'], $simplehtml), $data['title']); + $return .= sprintf('
', $data['url'], self::proxyUrl($data['image'], $simplehtml), $data['title']); } elseif (!empty($data['preview'])) { - $return .= sprintf('
', $data['url'], self::proxyUrl($data['preview'], $simplehtml), $data['title']); + $return .= sprintf('
', $data['url'], self::proxyUrl($data['preview'], $simplehtml), $data['title']); } $return .= sprintf('

%s

', $data['url'], $data['title']); } @@ -732,7 +732,7 @@ class BBCode */ private static function convertUrlForActivityPub($url) { - $html = '%s'; + $html = '%s'; return sprintf($html, $url, self::getStyledURL($url)); } @@ -1038,7 +1038,7 @@ class BBCode break; case 4: $headline = '
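Review bot: `$data['url']` and `$data['title']` are passed to the `sprintf()` markup in this hunk with no escaping visible, and `rel="noopener noreferrer"` only severs the opener relationship; it does nothing for the attribute contents. Unless both values are already HTML-escaped before this point (the enclosing method starts and ends outside the hunk, so that is not visible here), escape them before formatting, e.g. `htmlspecialchars($data['url'], ENT_QUOTES, 'UTF-8')`. The same applies to `$url` in `convertUrlForActivityPub()` in the next hunk, where `sprintf($html, $url, self::getStyledURL($url))` receives the raw parameter.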

' . html_entity_decode('♲ ', ENT_QUOTES, 'UTF-8'); - $headline .= DI::l10n()->t('%2$s %3$s', $attributes['link'], $mention, $attributes['posted']); + $headline .= DI::l10n()->t('%2$s %3$s', $attributes['link'], $mention, $attributes['posted']); $headline .= ':

' . "\n"; $text = ($is_quote_share? '
' : '') . $headline . '
' . trim($content) . '
' . "\n"; @@ -1636,9 +1636,9 @@ class BBCode $text = preg_replace_callback("/\[audio\](.*?)\[\/audio\]/ism", $try_oembed_callback, $text); } else { $text = preg_replace("/\[video\](.*?)\[\/video\]/ism", - '$1', $text); + '$1', $text); $text = preg_replace("/\[audio\](.*?)\[\/audio\]/ism", - '$1', $text); + '$1', $text); } // html5 video and audio @@ -1665,7 +1665,7 @@ class BBCode $text = preg_replace("/\[youtube\]([A-Za-z0-9\-_=]+)(.*?)\[\/youtube\]/ism", '', $text); } else { $text = preg_replace("/\[youtube\]([A-Za-z0-9\-_=]+)(.*?)\[\/youtube\]/ism", - 'https://www.youtube.com/watch?v=$1', $text); + 'https://www.youtube.com/watch?v=$1', $text); } if ($try_oembed) { @@ -1680,7 +1680,7 @@ class BBCode $text = preg_replace("/\[vimeo\]([0-9]+)(.*?)\[\/vimeo\]/ism", '', $text); } else { $text = preg_replace("/\[vimeo\]([0-9]+)(.*?)\[\/vimeo\]/ism", - 'https://vimeo.com/$1', $text); + 'https://vimeo.com/$1', $text); } // oembed tag 
@@ -1801,17 +1801,17 @@ class BBCode . ''; }, $text); - // We need no target="_blank" for local links - // convert links start with DI::baseUrl() as local link without the target="_blank" attribute + // We need no target="_blank" rel="noopener noreferrer" for local links + // convert links start with DI::baseUrl() as local link without the target="_blank" rel="noopener noreferrer" attribute $escapedBaseUrl = preg_quote(DI::baseUrl(), '/'); $text = preg_replace("/\[url\](".$escapedBaseUrl.".*?)\[\/url\]/ism", '$1', $text); $text = preg_replace("/\[url\=(".$escapedBaseUrl.".*?)\](.*?)\[\/url\]/ism", '$2', $text); - $text = preg_replace("/\[url\](.*?)\[\/url\]/ism", '$1', $text); - $text = preg_replace("/\[url\=(.*?)\](.*?)\[\/url\]/ism", '$2', $text); + $text = preg_replace("/\[url\](.*?)\[\/url\]/ism", '$1', $text); + $text = preg_replace("/\[url\=(.*?)\](.*?)\[\/url\]/ism", '$2', $text); // Red compatibility, though the link can't be authenticated on Friendica - $text = preg_replace("/\[zrl\=(.*?)\](.*?)\[\/zrl\]/ism", '$2', $text); + $text = preg_replace("/\[zrl\=(.*?)\](.*?)\[\/zrl\]/ism", '$2', $text); // we may need to restrict this further if it picks up too many strays diff --git a/src/Content/Text/HTML.php b/src/Content/Text/HTML.php index 089c5d368..593be7d5f 100644 --- a/src/Content/Text/HTML.php +++ b/src/Content/Text/HTML.php @@ -943,7 +943,7 @@ class HTML */ public static function toLink($s) { - $s = preg_replace("/(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\'\%\$\!\+]*)/", ' $1', $s); + $s = preg_replace("/(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\'\%\$\!\+]*)/", ' $1', $s); $s = preg_replace("/\<(.*?)(src|href)=(.*?)\&\;(.*?)\>/ism", '<$1$2=$3&$4>', $s); return $s; } diff --git a/src/Model/Item.php b/src/Model/Item.php index b960ba38f..9d2acdce0 100644 --- a/src/Model/Item.php +++ b/src/Model/Item.php @@ -3630,7 +3630,7 @@ class Item $title .= ' ' . $mtch[2] . ' ' . DI::l10n()->t('bytes'); $icon = '
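Review bot: The local-link patterns in the @@ -1801 hunk classify a URL as local when it merely starts with `DI::baseUrl()` (`(".$escapedBaseUrl.".*?)`), so an address on another host that shares that prefix would be rendered without the `target`/`rel` pair this commit adds to external links. Assuming `DI::baseUrl()` has no trailing slash, require a boundary after it, e.g. `"/\[url\](".$escapedBaseUrl."(?:[\/?#].*?)?)\[\/url\]/ism"`, and likewise for the `[url=...]` form. The two rewritten comment lines are also a by-product of search-and-replace; `// Local links (starting with DI::baseUrl()) get neither target="_blank" nor rel="noopener noreferrer"` would read more clearly.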
'; - $as .= '' . $icon . ''; + $as .= '' . $icon . ''; } if ($as != '') { diff --git a/src/Model/Term.php b/src/Model/Term.php index 6e92c9ce1..713218e18 100644 --- a/src/Model/Term.php +++ b/src/Model/Term.php @@ -462,13 +462,13 @@ class Term $item['body'] = str_replace($orig_tag, $tag['url'], $item['body']); } - $return['hashtags'][] = $prefix . '' . htmlspecialchars($tag['term']) . ''; - $return['tags'][] = $prefix . '' . htmlspecialchars($tag['term']) . ''; + $return['hashtags'][] = $prefix . '' . htmlspecialchars($tag['term']) . ''; + $return['tags'][] = $prefix . '' . htmlspecialchars($tag['term']) . ''; break; case self::MENTION: $tag['url'] = Contact::magicLink($tag['url']); - $return['mentions'][] = $prefix . '' . htmlspecialchars($tag['term']) . ''; - $return['tags'][] = $prefix . '' . htmlspecialchars($tag['term']) . ''; + $return['mentions'][] = $prefix . '' . htmlspecialchars($tag['term']) . ''; + $return['tags'][] = $prefix . '' . htmlspecialchars($tag['term']) . ''; break; case self::IMPLICIT_MENTION: $return['implicit_mentions'][] = $prefix . $tag['term']; diff --git a/src/Module/Admin/Tos.php b/src/Module/Admin/Tos.php index c9dd3d879..811a0eb25 100644 --- a/src/Module/Admin/Tos.php +++ b/src/Module/Admin/Tos.php 
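Review bot: In the src/Model/Term.php hunk the `IMPLICIT_MENTION` branch appends `$tag['term']` without `htmlspecialchars()`, while the hashtag and mention branches changed here escape the same field. If `implicit_mentions` can reach HTML output (not visible in this hunk), escape it the same way: `$return['implicit_mentions'][] = $prefix . htmlspecialchars($tag['term']);`. Separately, each changed branch appears to build the same link string twice; assigning it once to a local variable and appending that to both arrays would keep the `rel` attribute from drifting between the two copies. The enclosing `switch` starts and ends outside the hunk.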
@@ -60,7 +60,7 @@ class Tos extends BaseAdmin '$title' => DI::l10n()->t('Administration'), '$page' => DI::l10n()->t('Terms of Service'), '$displaytos' => ['displaytos', DI::l10n()->t('Display Terms of Service'), DI::config()->get('system', 'tosdisplay'), DI::l10n()->t('Enable the Terms of Service page. If this is enabled a link to the terms will be added to the registration form and the general information page.')], - '$displayprivstatement' => ['displayprivstatement', DI::l10n()->t('Display Privacy Statement'), DI::config()->get('system', 'tosprivstatement'), DI::l10n()->t('Show some informations regarding the needed information to operate the node according e.g. to EU-GDPR.', 'https://en.wikipedia.org/wiki/General_Data_Protection_Regulation')], + '$displayprivstatement' => ['displayprivstatement', DI::l10n()->t('Display Privacy Statement'), DI::config()->get('system', 'tosprivstatement'), DI::l10n()->t('Show some informations regarding the needed information to operate the node according e.g. to EU-GDPR.', 'https://en.wikipedia.org/wiki/General_Data_Protection_Regulation')], '$preview' => DI::l10n()->t('Privacy Statement Preview'), '$privtext' => $tos->privacy_complete, '$tostext' => ['tostext', DI::l10n()->t('The Terms of Service'), DI::config()->get('system', 'tostext'), DI::l10n()->t('Enter the Terms of Service for your node here. You can use BBCode. Headers of sections should be [h2] and below.')], diff --git a/tests/datasets/content/text/html/bug-7474.html b/tests/datasets/content/text/html/bug-7474.html index 0bba94e63..1ed97bce6 100644 --- a/tests/datasets/content/text/html/bug-7474.html +++ b/tests/datasets/content/text/html/bug-7474.html @@ -1 +1 @@ -

I recently released a PHP package that makes executing commands over SSH super simple. You can also upload/download files via SCP.

github.com/DivineOmega/php-ssh

\ No newline at end of file +

I recently released a PHP package that makes executing commands over SSH super simple. You can also upload/download files via SCP.

github.com/DivineOmega/php-ssh

\ No newline at end of file diff --git a/tests/src/Content/Text/BBCodeTest.php b/tests/src/Content/Text/BBCodeTest.php index f827eb5b1..1a1d06dc7 100644 --- a/tests/src/Content/Text/BBCodeTest.php +++ b/tests/src/Content/Text/BBCodeTest.php @@ -164,7 +164,7 @@ class BBCodeTest extends MockedTest public function testAutoLinking($data, $assertHTML) { $output = BBCode::convert($data); - $assert = '' . $data . ''; + $assert = '' . $data . ''; if ($assertHTML) { $this->assertEquals($assert, $output); } else { @@ -176,21 +176,21 @@ class BBCodeTest extends MockedTest { return [ 'bug-7271-condensed-space' => [ - 'expectedHtml' => '', + 'expectedHtml' => '', 'text' => '[ol][*] http://example.com/[/ol]', ], 'bug-7271-condensed-nospace' => [ - 'expectedHtml' => '', + 'expectedHtml' => '', 'text' => '[ol][*]http://example.com/[/ol]', ], 'bug-7271-indented-space' => [ - 'expectedHtml' => '', + 'expectedHtml' => '', 'text' => '[ul] [*] http://example.com/ [/ul]', ], 'bug-7271-indented-nospace' => [ - 'expectedHtml' => '', + 'expectedHtml' => '', 'text' => '[ul] [*]http://example.com/ [/ul]', diff --git a/view/templates/event.tpl b/view/templates/event.tpl index f1d2bf102..f318c909b 100644 --- a/view/templates/event.tpl +++ b/view/templates/event.tpl @@ -4,7 +4,7 @@ {{if $event.item.author_name}}{{$event.item.author_name}}{{/if}} {{$event.html nofilter}} - {{if $event.item.plink}}{{/if}} + {{if $event.item.plink}}{{/if}} {{if $event.edit}}{{/if}} {{if $event.copy}}{{/if}} {{if $event.drop}}{{/if}} diff --git a/view/templates/events.tpl b/view/templates/events.tpl index cae7b3282..7f55e52d8 100644 --- a/view/templates/events.tpl +++ b/view/templates/events.tpl @@ -17,7 +17,7 @@ {{if $event.is_first}}
{{$event.d}}
{{/if}} {{if $event.item.author_name}}{{$event.item.author_name}}{{/if}} {{$event.html nofilter}} - {{if $event.item.plink}}{{/if}} + {{if $event.item.plink}}{{/if}} {{if $event.edit}}{{/if}}
diff --git a/view/templates/profile/vcard.tpl b/view/templates/profile/vcard.tpl index 0f27284cd..521738107 100644 --- a/view/templates/profile/vcard.tpl +++ b/view/templates/profile/vcard.tpl @@ -41,7 +41,7 @@ {{if $updated}}{{/if}} - {{if $homepage}}
{{$homepage}}
{{$profile.homepage}}
{{/if}} + {{if $homepage}}
{{$homepage}}
{{$profile.homepage}}
{{/if}} {{if $about}}
{{$about}}
{{$profile.about nofilter}}
{{/if}} diff --git a/view/templates/shared_content.tpl b/view/templates/shared_content.tpl index 2e892d334..32cfbe372 100644 --- a/view/templates/shared_content.tpl +++ b/view/templates/shared_content.tpl @@ -1,12 +1,12 @@
{{if $avatar}} - + {{/if}} -
{{$author}}
- +
{{$author}}
+
{{$content nofilter}}
diff --git a/view/templates/wall_thread.tpl b/view/templates/wall_thread.tpl index 390f99b46..7b205504d 100644 --- a/view/templates/wall_thread.tpl +++ b/view/templates/wall_thread.tpl @@ -84,10 +84,10 @@ {{/if}} {{if $item.remote_comment}} - + {{/if}} {{if $item.plink}} - + {{/if}} {{if $item.edpost}} diff --git a/view/templates/widget_forumlist.tpl b/view/templates/widget_forumlist.tpl index 01f61d603..1d35b1948 100644 --- a/view/templates/widget_forumlist.tpl +++ b/view/templates/widget_forumlist.tpl @@ -24,7 +24,7 @@ function showHideForumlist() { {{if $forum.id <= $visible_forums}}