<?php
// must be called POST validation (i.e. after attribute validation has run, not HTTP POST)
/**
 * Attribute transform that makes sure rel="noreferrer" is present on
 * every element that carries a target attribute.
 *
 * Links opened in another window can otherwise let a malicious
 * destination silently replace the original window, which could be
 * used for phishing.
 * This transform is controlled by %HTML.TargetNoreferrer.
 *
 * Existing rel tokens are split on a single space and compared
 * case-sensitively, so a differently-cased "noreferrer" is not
 * recognised and the lowercase token is appended next to it.
 */
class HTMLPurifier_AttrTransform_TargetNoreferrer extends HTMLPurifier_AttrTransform
{
    /**
     * @param array $attr Attributes of the element being processed
     * @param HTMLPurifier_Config $config Not read by this transform
     * @param HTMLPurifier_Context $context Not read by this transform
     * @return array The attributes, with rel updated where needed
     */
    public function transform($attr, $config, $context)
    {
        $hadRel = isset($attr['rel']);
        $tokens = $hadRel ? explode(' ', $attr['rel']) : array();

        // Any element with a target gets the token unless it is already listed.
        if (isset($attr['target']) && !in_array('noreferrer', $tokens)) {
            $tokens[] = 'noreferrer';
        }

        // Write rel back when it existed before or now has content.
        if ($hadRel || count($tokens) > 0) {
            $attr['rel'] = implode(' ', $tokens);
        }

        return $attr;
    }
}