Add pre-save content filter to make target=_blank always secure.

Props notnownikki, iseulde, azaozz
Fixes #43187

git-svn-id: https://develop.svn.wordpress.org/trunk@42770 602fd350-edb4-49c9-b593-d223f7449a82
Andrew Ozz
2018-03-02 14:41:04 +00:00
parent c3615b2688
commit 6d094f61bb
5 changed files with 160 additions and 8 deletions


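--- /dev/null
+++ b/PATH_NOT_SHOWN_IN_PAGE
@@ -0,0 +1,74 @@
+<?php
+/**
+* @group formatting
+* @ticket 43187
+*/
+class Tests_Targeted_Link_Rel extends WP_UnitTestCase {
+public function test_add_to_links_with_target_blank() {
+$content = '<p>Links: <a href="/" target="_blank">No rel</a></p>';
+$expected = '<p>Links: <a href="/" target="_blank" rel="noopener noreferrer">No rel</a></p>';
+$this->assertEquals( $expected, wp_targeted_link_rel( $content ) );
+}
+public function test_add_to_links_with_target_foo() {
+$content = '<p>Links: <a href="/" target="foo">No rel</a></p>';
+$expected = '<p>Links: <a href="/" target="foo" rel="noopener noreferrer">No rel</a></p>';
+$this->assertEquals( $expected, wp_targeted_link_rel( $content ) );
+}
+public function test_target_as_first_attribute() {
+$content = '<p>Links: <a target="_blank" href="#">No rel</a></p>';
+$expected = '<p>Links: <a target="_blank" href="#" rel="noopener noreferrer">No rel</a></p>';
+$this->assertEquals( $expected, wp_targeted_link_rel( $content ) );
+}
+public function test_add_to_existing_rel() {
+$content = '<p>Links: <a href="/" rel="existing values" target="_blank">Existing rel</a></p>';
+$expected = '<p>Links: <a href="/" rel="existing values noopener noreferrer" target="_blank">Existing rel</a></p>';
+$this->assertEquals( $expected, wp_targeted_link_rel( $content ) );
+}
+public function test_no_duplicate_values_added() {
+$content = '<p>Links: <a href="/" rel="existing noopener values" target="_blank">Existing rel</a></p>';
+$expected = '<p>Links: <a href="/" rel="existing noopener values noreferrer" target="_blank">Existing rel</a></p>';
+$this->assertEquals( $expected, wp_targeted_link_rel( $content ) );
+}
+public function test_rel_with_single_quote_delimiter() {
+$content = '<p>Links: <a href="/" rel=\'existing values\' target="_blank">Existing rel</a></p>';
+$expected = '<p>Links: <a href="/" rel=\'existing values noopener noreferrer\' target="_blank">Existing rel</a></p>';
+$this->assertEquals( $expected, wp_targeted_link_rel( $content ) );
+}
+public function test_rel_with_no_delimiter() {
+$content = '<p>Links: <a href="/" rel=existing target="_blank">Existing rel</a></p>';
+$expected = '<p>Links: <a href="/" rel="existing noopener noreferrer" target="_blank">Existing rel</a></p>';
+$this->assertEquals( $expected, wp_targeted_link_rel( $content ) );
+}
+public function test_rel_value_spaced_and_no_delimiter() {
+$content = '<p>Links: <a href="/" rel = existing target="_blank">Existing rel</a></p>';
+$expected = '<p>Links: <a href="/" rel="existing noopener noreferrer" target="_blank">Existing rel</a></p>';
+$this->assertEquals( $expected, wp_targeted_link_rel( $content ) );
+}
+public function test_rel_value_spaced_and_no_delimiter_and_values_to_escape() {
+$content = '<p>Links: <a href="/" rel = existing"value target="_blank">Existing rel</a></p>';
+$expected = '<p>Links: <a href="/" rel="existing&quot;value noopener noreferrer" target="_blank">Existing rel</a></p>';
+$this->assertEquals( $expected, wp_targeted_link_rel( $content ) );
+}
+public function test_escaped_quotes() {
+$content = '<p>Links: <a href=\"/\" rel=\"existing values\" target=\"_blank\">Existing rel</a></p>';
+$expected = '<p>Links: <a href=\"/\" rel=\"existing values noopener noreferrer\" target=\"_blank\">Existing rel</a></p>';
+$this->assertEquals( $expected, wp_targeted_link_rel( $content ) );
+}
+public function test_ignore_links_with_no_target() {
+$content = '<p>Links: <a href="/" target="_blank">Change me</a> <a href="/">Do not change me</a></p>';
+$expected = '<p>Links: <a href="/" target="_blank" rel="noopener noreferrer">Change me</a> <a href="/">Do not change me</a></p>';
+$this->assertEquals( $expected, wp_targeted_link_rel( $content ) );
+}
+}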
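Review bot: No case asserts that a link already carrying both `noopener` and `noreferrer` is returned unchanged; `test_no_duplicate_values_added` only covers one of the two values being present (`rel="existing noopener values"`) and still expects an append. Because this is a pre-save filter that runs on every edit of the same content, an idempotence case is what guards against the `rel` attribute growing or being re-ordered on each save, and its expected string is simply the input. The order of the two values in the fixture must match whatever the filter emits, so it should be written as `rel="noopener noreferrer"` to mirror the expectations used in the other cases. A companion case with an unquoted `target=_blank` would also pin the attribute matching that the quoted cases leave implied.
```php
// … unchanged: existing test methods …
public function test_no_change_when_both_values_present() {
	$content = '<p>Links: <a href="/" rel="noopener noreferrer" target="_blank">Existing rel</a></p>';
	$this->assertEquals( $content, wp_targeted_link_rel( $content ) );
}
```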


@@ -1015,12 +1015,12 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
'rendered' => '<a href="#">link</a>',
),
'description' => array(
'raw' => '<a href="#" target="_blank">link</a>',
'rendered' => '<p><a href="#" target="_blank">link</a></p>',
'raw' => '<a href="#" target="_blank" rel="noopener noreferrer">link</a>',
'rendered' => '<p><a href="#" target="_blank" rel="noopener noreferrer">link</a></p>',
),
'caption' => array(
'raw' => '<a href="#" target="_blank">link</a>',
'rendered' => '<p><a href="#" target="_blank">link</a></p>',
'raw' => '<a href="#" target="_blank" rel="noopener noreferrer">link</a>',
'rendered' => '<p><a href="#" target="_blank" rel="noopener noreferrer">link</a></p>',
),
),
),


@@ -3185,12 +3185,12 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
'rendered' => '<a href="#">link</a>',
),
'content' => array(
'raw' => '<a href="#" target="_blank">link</a>',
'rendered' => '<p><a href="#" target="_blank">link</a></p>',
'raw' => '<a href="#" target="_blank" rel="noopener noreferrer">link</a>',
'rendered' => '<p><a href="#" target="_blank" rel="noopener noreferrer">link</a></p>',
),
'excerpt' => array(
'raw' => '<a href="#" target="_blank">link</a>',
'rendered' => '<p><a href="#" target="_blank">link</a></p>',
'raw' => '<a href="#" target="_blank" rel="noopener noreferrer">link</a>',
'rendered' => '<p><a href="#" target="_blank" rel="noopener noreferrer">link</a></p>',
),
),
),