From cf3041220a7a14dc3fac24177fac1f4aecc77f5f Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Tue, 17 Sep 2019 15:22:46 +0700 Subject: [PATCH 1/4] Add support for `rel="ugc"` --- config/config.exs | 2 +- config/description.exs | 2 +- docs/config.md | 2 +- lib/pleroma/html.ex | 6 ++++-- test/formatter_test.exs | 24 ++++++++++++---------- test/web/common_api/common_api_utils_test.exs | 6 +++--- .../update_credentials_test.exs | 2 +- 7 files changed, 24 insertions(+), 20 deletions(-) diff --git a/config/config.exs b/config/config.exs index c7e0cf09f..26dc4d16d 100644 --- a/config/config.exs +++ b/config/config.exs @@ -507,7 +507,7 @@ config :auto_linker, class: false, strip_prefix: false, new_window: false, - rel: false + rel: "ugc" ] config :pleroma, :ldap, diff --git a/config/description.exs b/config/description.exs index 65ea6bf01..abfb6370f 100644 --- a/config/description.exs +++ b/config/description.exs @@ -1900,7 +1900,7 @@ config :pleroma, :config_description, [ key: :rel, type: [:string, false], description: "override the rel attribute. false to clear", - suggestions: ["noopener noreferrer", false] + suggestions: ["ugc", false] }, %{ key: :new_window, diff --git a/docs/config.md b/docs/config.md index 3f37fa561..def462900 100644 --- a/docs/config.md +++ b/docs/config.md @@ -521,7 +521,7 @@ config :auto_linker, class: false, strip_prefix: false, new_window: false, - rel: false + rel: "ugc" ] ``` diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 3951f0f51..937bafed5 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -184,7 +184,8 @@ defmodule Pleroma.HTML.Scrubber.Default do "tag", "nofollow", "noopener", - "noreferrer" + "noreferrer", + "ugc" ]) Meta.allow_tag_with_these_attributes("a", ["name", "title"]) @@ -304,7 +305,8 @@ defmodule Pleroma.HTML.Scrubber.LinksOnly do "nofollow", "noopener", "noreferrer", - "me" + "me", + "ugc" ]) Meta.allow_tag_with_these_attributes("a", ["name", "title"]) diff --git a/test/formatter_test.exs b/test/formatter_test.exs index c443dfe7c..3674577d6 100644 --- a/test/formatter_test.exs +++ b/test/formatter_test.exs @@ -39,21 +39,21 @@ defmodule Pleroma.FormatterTest do text = "Hey, check out https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla ." expected = - "Hey, check out https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla ." + ~S(Hey, check out https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla .) assert {^expected, [], []} = Formatter.linkify(text) text = "https://mastodon.social/@lambadalambda" expected = - "https://mastodon.social/@lambadalambda" + ~S(https://mastodon.social/@lambadalambda) assert {^expected, [], []} = Formatter.linkify(text) text = "https://mastodon.social:4000/@lambadalambda" expected = - "https://mastodon.social:4000/@lambadalambda" + ~S(https://mastodon.social:4000/@lambadalambda) assert {^expected, [], []} = Formatter.linkify(text) @@ -63,55 +63,57 @@ defmodule Pleroma.FormatterTest do assert {^expected, [], []} = Formatter.linkify(text) text = "http://www.cs.vu.nl/~ast/intel/" - expected = "http://www.cs.vu.nl/~ast/intel/" + + expected = + ~S(http://www.cs.vu.nl/~ast/intel/) assert {^expected, [], []} = Formatter.linkify(text) text = "https://forum.zdoom.org/viewtopic.php?f=44&t=57087" expected = - "https://forum.zdoom.org/viewtopic.php?f=44&t=57087" + "https://forum.zdoom.org/viewtopic.php?f=44&t=57087" assert {^expected, [], []} = Formatter.linkify(text) text = "https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul" expected = - "https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul" + "https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul" assert {^expected, [], []} = Formatter.linkify(text) text = "https://www.google.co.jp/search?q=Nasim+Aghdam" expected = - "https://www.google.co.jp/search?q=Nasim+Aghdam" + "https://www.google.co.jp/search?q=Nasim+Aghdam" assert {^expected, [], []} = Formatter.linkify(text) text = "https://en.wikipedia.org/wiki/Duff's_device" expected = - "https://en.wikipedia.org/wiki/Duff's_device" + "https://en.wikipedia.org/wiki/Duff's_device" assert {^expected, [], []} = Formatter.linkify(text) text = "https://pleroma.com https://pleroma.com/sucks" expected = - "https://pleroma.com https://pleroma.com/sucks" + "https://pleroma.com https://pleroma.com/sucks" assert {^expected, [], []} = Formatter.linkify(text) text = "xmpp:contact@hacktivis.me" - expected = "xmpp:contact@hacktivis.me" + expected = "xmpp:contact@hacktivis.me" assert {^expected, [], []} = Formatter.linkify(text) text = "magnet:?xt=urn:btih:7ec9d298e91d6e4394d1379caf073c77ff3e3136&tr=udp%3A%2F%2Fopentor.org%3A2710&tr=udp%3A%2F%2Ftracker.blackunicorn.xyz%3A6969&tr=udp%3A%2F%2Ftracker.ccc.de%3A80&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=wss%3A%2F%2Ftracker.btorrent.xyz&tr=wss%3A%2F%2Ftracker.fastcast.nz&tr=wss%3A%2F%2Ftracker.openwebtorrent.com" - expected = "#{text}" + expected = "#{text}" assert {^expected, [], []} = Formatter.linkify(text) end diff --git a/test/web/common_api/common_api_utils_test.exs b/test/web/common_api/common_api_utils_test.exs index 230146451..78cfe3c5f 100644 --- a/test/web/common_api/common_api_utils_test.exs +++ b/test/web/common_api/common_api_utils_test.exs @@ -157,11 +157,11 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do text = "**hello world**\n\n*another @user__test and @user__test google.com paragraph*" expected = - "

hello world

\n

another hello world

\n

another @user__test and @user__test and @user__test google.com paragraph

\n" + }" class="u-url mention" href="http://foo.com/user__test">@user__test google.com paragraph

\n) {output, _, _} = Utils.format_input(text, "text/markdown") diff --git a/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs b/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs index 89d4ca37e..1e8d0d03b 100644 --- a/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs +++ b/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs @@ -334,7 +334,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do assert account["fields"] == [ %{"name" => "foo", "value" => "bar"}, - %{"name" => "link", "value" => "cofe.io"} + %{"name" => "link", "value" => ~S(cofe.io)} ] assert account["source"]["fields"] == [ From d639cdcecb1b9cd2326b98c926dff8b0f4c27e3c Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 19 Sep 2019 14:04:13 +0700 Subject: [PATCH 2/4] Update "config/description.exs" --- config/description.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/description.exs b/config/description.exs index abfb6370f..510e285df 100644 --- a/config/description.exs +++ b/config/description.exs @@ -1900,7 +1900,7 @@ config :pleroma, :config_description, [ key: :rel, type: [:string, false], description: "override the rel attribute. false to clear", - suggestions: ["ugc", false] + suggestions: ["ugc", "noopener noreferrer", false] }, %{ key: :new_window, From 95c948110ca130559fd6a5302011aa58900274ac Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 19 Sep 2019 14:39:52 +0700 Subject: [PATCH 3/4] Add `rel="ugc"` to hashtags and mentions --- lib/pleroma/formatter.ex | 6 ++--- test/formatter_test.exs | 30 +++++++++++++--------- test/user_test.exs | 4 +-- test/web/common_api/common_api_utils_test.exs | 4 +-- .../update_credentials_test.exs | 7 +++-- .../mastodon_api/mastodon_api_controller_test.exs | 8 +++--- test/web/twitter_api/twitter_api_test.exs | 4 ++- 7 files changed, 35 insertions(+), 28 deletions(-) diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index 607843a5b..23a5ac8fe 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -36,9 +36,9 @@ defmodule Pleroma.Formatter do nickname_text = get_nickname_text(nickname, opts) link = - "@#{ + ~s(@#{ nickname_text - }" + }) {link, %{acc | mentions: MapSet.put(acc.mentions, {"@" <> nickname, user})}} @@ -50,7 +50,7 @@ defmodule Pleroma.Formatter do def hashtag_handler("#" <> tag = tag_text, _buffer, _opts, acc) do tag = String.downcase(tag) url = "#{Pleroma.Web.base_url()}/tag/#{tag}" - link = "" + link = ~s(#{tag_text}) {link, %{acc | tags: MapSet.put(acc.tags, {tag_text, tag})}} end diff --git a/test/formatter_test.exs b/test/formatter_test.exs index 3674577d6..2e4280fc2 100644 --- a/test/formatter_test.exs +++ b/test/formatter_test.exs @@ -19,7 +19,7 @@ defmodule Pleroma.FormatterTest do text = "I love #cofe and #2hu" expected_text = - "I love and " + ~s(I love #cofe and #2hu) assert {^expected_text, [], _tags} = Formatter.linkify(text) end @@ -28,7 +28,7 @@ defmodule Pleroma.FormatterTest do text = "#fact_3: pleroma does what mastodon't" expected_text = - ": pleroma does what mastodon't" + ~s(#fact_3: pleroma does what mastodon't) assert {^expected_text, [], _tags} = Formatter.linkify(text) end @@ -137,13 +137,13 @@ defmodule Pleroma.FormatterTest do assert length(mentions) == 3 expected_text = - "@gsimg According to @archa_eme_, that is @daggsy. Also hello @archaeme" + }" class="u-url mention" href="#{archaeme_remote.ap_id}" rel="ugc">@archaeme) assert expected_text == text end @@ -158,7 +158,9 @@ defmodule Pleroma.FormatterTest do assert length(mentions) == 1 expected_text = - "@mike test" + ~s(@mike test) assert expected_text == text end @@ -172,7 +174,7 @@ defmodule Pleroma.FormatterTest do assert length(mentions) == 1 expected_text = - "@o hi" + ~s(@o hi) assert expected_text == text end @@ -194,13 +196,17 @@ defmodule Pleroma.FormatterTest do assert mentions == [{"@#{user.nickname}", user}, {"@#{other_user.nickname}", other_user}] assert expected_text == - "@#{user.nickname} @#{other_user.nickname} hey dudes i hate @#{third_user.nickname}" + }" class="u-url mention" href="#{third_user.ap_id}" rel="ugc">@#{ + third_user.nickname + }) end test "given the 'safe_mention' option, it will still work without any mention" do diff --git a/test/user_test.exs b/test/user_test.exs index 39ba69668..6852fcd40 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -1294,9 +1294,9 @@ defmodule Pleroma.UserTest do bio = "A.k.a. @nick@domain.com" expected_text = - "A.k.a. @nick@domain.com" + }" rel="ugc">@nick@domain.com) assert expected_text == User.parse_bio(bio, user) end diff --git a/test/web/common_api/common_api_utils_test.exs b/test/web/common_api/common_api_utils_test.exs index 78cfe3c5f..2588898d0 100644 --- a/test/web/common_api/common_api_utils_test.exs +++ b/test/web/common_api/common_api_utils_test.exs @@ -159,9 +159,9 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do expected = ~s(

hello world

\n

another @user__test and @user__test and @user__test google.com paragraph

\n) + }" class="u-url mention" href="http://foo.com/user__test" rel="ugc">@user__test google.com paragraph

\n) {output, _, _} = Utils.format_input(text, "text/markdown") diff --git a/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs b/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs index 1e8d0d03b..560f55137 100644 --- a/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs +++ b/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs @@ -86,10 +86,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do assert user = json_response(conn, 200) assert user["note"] == - ~s(I drink with @) <> user2.nickname <> ~s() + ~s(I drink #cofe with @#{user2.nickname}) end test "updates the user's locking status", %{conn: conn} do diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index fb04748bb..b85f3e758 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -996,9 +996,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do |> get("/api/v1/notifications") expected_response = - "hi @#{user.nickname}" + }" rel="ugc">@#{user.nickname}) assert [%{"status" => %{"content" => response}} | _rest] = json_response(conn, 200) assert response == expected_response @@ -1018,9 +1018,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do |> get("/api/v1/notifications/#{notification.id}") expected_response = - "hi @#{user.nickname}" + }" rel="ugc">@#{user.nickname}) assert %{"status" => %{"content" => response}} = json_response(conn, 200) assert response == expected_response diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs index 08f264431..bf1e233f5 100644 --- a/test/web/twitter_api/twitter_api_test.exs +++ b/test/web/twitter_api/twitter_api_test.exs @@ -109,7 +109,9 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do {:ok, user2} = TwitterAPI.register_user(data2) expected_text = - "@john test" + ~s(@john test) assert user2.bio == expected_text end From ae1d371428e16b738b8ec638e411e5e8c1ac4937 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 19 Sep 2019 14:53:34 +0700 Subject: [PATCH 4/4] Update CHANGELOG --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 906aa985e..f84b0ac68 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -38,6 +38,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - AdminAPI: Add "godmode" while fetching user statuses (i.e. admin can see private statuses) - Improve digest email template – Pagination: (optional) return `total` alongside with `items` when paginating +- Add `rel="ugc"` to all links in statuses, to prevent SEO spam ### Fixed - Following from Osada