Add translate="no" to outgoing mentions and links (#25524)

Claire 2023-06-20 18:10:19 +02:00 committed by GitHub
parent 3a91603b15
commit c78280a8ce
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 4 deletions


@ -79,7 +79,7 @@ class TextFormatter
cutoff = url[prefix.length..-1].length > 30 cutoff = url[prefix.length..-1].length > 30
<<~HTML.squish <<~HTML.squish
<a href="#{h(url)}" target="_blank" rel="#{rel.join(' ')}"><span class="invisible">#{h(prefix)}</span><span class="#{cutoff ? 'ellipsis' : ''}">#{h(display_url)}</span><span class="invisible">#{h(suffix)}</span></a> <a href="#{h(url)}" target="_blank" rel="#{rel.join(' ')}" translate="no"><span class="invisible">#{h(prefix)}</span><span class="#{cutoff ? 'ellipsis' : ''}">#{h(display_url)}</span><span class="invisible">#{h(suffix)}</span></a>
HTML HTML
rescue Addressable::URI::InvalidURIError, IDN::Idna::IdnaError rescue Addressable::URI::InvalidURIError, IDN::Idna::IdnaError
h(entity[:url]) h(entity[:url])
@ -122,7 +122,7 @@ class TextFormatter
display_username = same_username_hits&.positive? || with_domains? ? account.pretty_acct : account.username display_username = same_username_hits&.positive? || with_domains? ? account.pretty_acct : account.username
<<~HTML.squish <<~HTML.squish
<span class="h-card"><a href="#{h(url)}" class="u-url mention">@<span>#{h(display_username)}</span></a></span> <span class="h-card" translate="no"><a href="#{h(url)}" class="u-url mention">@<span>#{h(display_username)}</span></a></span>
HTML HTML
end end
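Review bot: Nothing in this commit tests the outgoing side: the `translate="no"` added to the link template and to the `h-card` span of the mention template has no assertion, since the only spec changes shown are for `Sanitize::Config`. A later edit to either heredoc could drop the attribute unnoticed. Consider adding a TextFormatter example asserting that the rendered HTML includes `translate="no"` for a URL and for a mention. Both templates sit inside methods whose start and end are outside the hunks.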


@ -36,6 +36,11 @@ class Sanitize
node['class'] = class_list.join(' ') node['class'] = class_list.join(' ')
end end
TRANSLATE_TRANSFORMER = lambda do |env|
node = env[:node]
node.remove_attribute('translate') unless node['translate'] == 'no'
end
UNSUPPORTED_HREF_TRANSFORMER = lambda do |env| UNSUPPORTED_HREF_TRANSFORMER = lambda do |env|
return unless env[:node_name] == 'a' return unless env[:node_name] == 'a'
@ -63,8 +68,8 @@ class Sanitize
elements: %w(p br span a del pre blockquote code b strong u i em ul ol li), elements: %w(p br span a del pre blockquote code b strong u i em ul ol li),
attributes: { attributes: {
'a' => %w(href rel class), 'a' => %w(href rel class translate),
'span' => %w(class), 'span' => %w(class translate),
'ol' => %w(start reversed), 'ol' => %w(start reversed),
'li' => %w(value), 'li' => %w(value),
}, },
@ -80,6 +85,7 @@ class Sanitize
transformers: [ transformers: [
CLASS_WHITELIST_TRANSFORMER, CLASS_WHITELIST_TRANSFORMER,
TRANSLATE_TRANSFORMER,
UNSUPPORTED_ELEMENTS_TRANSFORMER, UNSUPPORTED_ELEMENTS_TRANSFORMER,
UNSUPPORTED_HREF_TRANSFORMER, UNSUPPORTED_HREF_TRANSFORMER,
] ]
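Review bot: `TRANSLATE_TRANSFORMER` has no comment stating its intent, and its comparison `node['translate'] == 'no'` is case-sensitive, so `translate="NO"` on incoming HTML is stripped even though HTML matches this attribute's keywords case-insensitively. Stripping is the fail-closed direction, so this costs fidelity rather than safety, but the choice should be written down above the lambda, e.g. `# Keep only the exact value "no"; any other translate value on incoming HTML is dropped.` Unlike `UNSUPPORTED_HREF_TRANSFORMER`, which returns early unless `env[:node_name] == 'a'`, this lambda has no node-name guard and so runs for every node it is handed; the comment should say that this is deliberate.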


@ -38,6 +38,14 @@ describe Sanitize::Config do
expect(Sanitize.fragment('<a href="http://example.com">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener noreferrer" target="_blank">Test</a>' expect(Sanitize.fragment('<a href="http://example.com">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener noreferrer" target="_blank">Test</a>'
end end
it 'keeps a with translate="no"' do
expect(Sanitize.fragment('<a href="http://example.com" translate="no">Test</a>', subject)).to eq '<a href="http://example.com" translate="no" rel="nofollow noopener noreferrer" target="_blank">Test</a>'
end
it 'removes "translate" attribute with invalid value' do
expect(Sanitize.fragment('<a href="http://example.com" translate="foo">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener noreferrer" target="_blank">Test</a>'
end
it 'removes a with unparsable href' do it 'removes a with unparsable href' do
expect(Sanitize.fragment('<a href=" https://google.fr">Test</a>', subject)).to eq 'Test' expect(Sanitize.fragment('<a href=" https://google.fr">Test</a>', subject)).to eq 'Test'
end end
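Review bot: The new examples cover `translate` only on `a`, while the config now allowlists it on `span` too and the mention markup puts the attribute on the `span` wrapper. Add a matching example so the mention case is pinned, e.g. `expect(Sanitize.fragment('<span translate="no">Test</span>', subject)).to eq '<span translate="no">Test</span>'`, and one where a `span` carries another value and loses it. The enclosing `describe` block starts and ends outside the hunk.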