Page MenuHomePhabricator
Differential D19118

Explicitly add rel="noreferrer" to all external links
ClosedPublic
Actions

Authored by epriestley on Feb 18 2018, 1:43 AM.
Tags
None
Referenced Files
F18855813: D19118.id.diff
Sat, Nov 1, 6:53 AM
F18840020: D19118.diff
Mon, Oct 27, 8:36 PM
F18834697: D19118.id.diff
Oct 26 2025, 10:17 AM
F18783837: D19118.id45810.diff
Oct 13 2025, 9:55 AM
F18769318: D19118.diff
Oct 8 2025, 7:11 AM
F18672997: D19118.id45812.diff
Sep 25 2025, 8:59 AM
F18657948: D19118.diff
Sep 23 2025, 4:12 AM
F18630978: D19118.diff
Sep 16 2025, 1:50 PM
View All Files
Subscribers
Restricted Owners Package

Details

Reviewers
None
Commits
rP05a4c55c52be: Explicitly add rel="noreferrer" to all external links
Summary

See D19117. Instead of automatically figuring this out inside phutil_tag(), explicitly add rel="noreferrer" at the application level to all external links.

Test Plan
  • Grepped for _blank, isValidRemoteURIForLink, checked all callsites for user-controlled data.
  • Created a link menu item, verified noreferrer in markup.
  • Created a link custom field, verified no referrer in markup.
  • Verified noreferrer for {nav href=...}.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley created this revision.Feb 18 2018, 1:43 AM
Owners added a subscriber: Restricted Owners Package.Feb 18 2018, 1:43 AM
Harbormaster completed remote builds in B19618: Diff 45810.Feb 18 2018, 1:44 AM
This revision was not accepted when it landed; it landed in state Needs Review.Feb 18 2018, 1:44 AM
epriestley requested review of this revision.
Closed by commit rP05a4c55c52be: Explicitly add rel="noreferrer" to all external links (authored by epriestley). · Explain Why
This revision was automatically updated to reflect the committed changes.
epriestley added inline comments.Feb 18 2018, 2:04 AM
src/applications/files/markup/PhabricatorImageRemarkupRule.php
23

This was rendering <img href="..." /> which has no effect since href doesn't go on img.

Revision Contents
Changeset List

PathSize
src/
applications/
auth/
view/
1 line
calendar/
import/
1 line
files/
markup/
8 lines
harbormaster/
artifact/
1 line
nuance/
item/
2 lines
phurl/
remarkup/
1 line
search/
menuitem/
3 lines
infrastructure/
customfield/
standard/
6 lines
view/
layout/
3 lines
phui/
13 lines
25 lines

Diff 45812

View Options

src/applications/auth/view/PhabricatorAuthAccountView.php

Loading...
View Options

src/applications/calendar/import/PhabricatorCalendarICSURIImportEngine.php

Loading...
View Options

src/applications/files/markup/PhabricatorImageRemarkupRule.php

Loading...
View Options

src/applications/harbormaster/artifact/HarbormasterURIArtifact.php

Loading...
View Options

src/applications/nuance/item/NuanceGitHubEventItemType.php

Loading...
View Options

src/applications/phurl/remarkup/PhabricatorPhurlLinkRemarkupRule.php

Loading...
View Options

src/applications/search/menuitem/PhabricatorLinkProfileMenuItem.php

Loading...
View Options

src/infrastructure/customfield/standard/PhabricatorStandardCustomFieldLink.php

Loading...
View Options

src/view/layout/PhabricatorActionView.php

Loading...
View Options

src/view/phui/PHUIListItemView.php

Loading...
View Options

src/view/phui/PHUITagView.php

Loading...
Phabricator · Built by Phacility