Paths

Table of Contentst

Differential D19118

Explicitly add rel="noreferrer" to all external links
ClosedPublic
Actions

Authored by epriestley on Feb 18 2018, 1:43 AM.

Tags

None

Referenced Files

	Unknown Object (File)
	Sun, Feb 9, 5:30 AM

	Unknown Object (File)
	Sun, Feb 9, 5:30 AM

	Unknown Object (File)
	Sun, Feb 9, 5:30 AM

	Unknown Object (File)
	Sun, Jan 26, 5:54 AM

	Unknown Object (File)
	Sat, Jan 25, 12:17 AM

	Unknown Object (File)
	Sat, Jan 25, 12:17 AM

	Unknown Object (File)
	Sat, Jan 25, 12:17 AM

	Unknown Object (File)
	Wed, Jan 22, 12:46 PM

Subscribers

Restricted Owners Package

Details

Reviewers: None
Commits: rP05a4c55c52be: Explicitly add rel="noreferrer" to all external links

Summary

See D19117. Instead of automatically figuring this out inside phutil_tag(), explicitly add rel="noreferrer" at the application level to all external links.

Test Plan

Grepped for _blank, isValidRemoteURIForLink, checked all callsites for user-controlled data.
Created a link menu item, verified noreferrer in markup.
Created a link custom field, verified no referrer in markup.
Verified noreferrer for {nav href=...}.

Diff Detail

Repository

Branch

noreferrer1

Lint

Lint Passed

Unit

Tests Passed

Build Status

Buildable 19618
Build 26558: Run Core Tests
Build 26557: arc lint + arc unit

Event Timeline

epriestley created this revision.Feb 18 2018, 1:43 AM

Owners added a subscriber: Restricted Owners Package.Feb 18 2018, 1:43 AM

Harbormaster completed remote builds in B19618: Diff 45810.Feb 18 2018, 1:44 AM

This revision was not accepted when it landed; it landed in state Needs Review.Feb 18 2018, 1:44 AM

epriestley requested review of this revision.

Closed by commit rP05a4c55c52be: Explicitly add rel="noreferrer" to all external links (authored by epriestley). · Explain Why

This revision was automatically updated to reflect the committed changes.

epriestley added inline comments.Feb 18 2018, 2:04 AM

src/applications/files/markup/PhabricatorImageRemarkupRule.php
23	This was rendering `<img href="..." />` which has no effect since `href` doesn't go on `img`.

Revision Contents
Changeset List

Path

Size

src/

applications/

auth/

view/

PhabricatorAuthAccountView.php

1 line

calendar/

import/

PhabricatorCalendarICSURIImportEngine.php

1 line

files/

markup/

PhabricatorImageRemarkupRule.php

8 lines

harbormaster/

artifact/

HarbormasterURIArtifact.php

1 line

nuance/

item/

NuanceGitHubEventItemType.php

2 lines

phurl/

remarkup/

PhabricatorPhurlLinkRemarkupRule.php

1 line

search/

menuitem/

PhabricatorLinkProfileMenuItem.php

3 lines

infrastructure/

customfield/

standard/

PhabricatorStandardCustomFieldLink.php

6 lines

view/

layout/

PhabricatorActionView.php

3 lines

phui/

PHUIListItemView.php

13 lines

PHUITagView.php

25 lines

Diff 45810

src/applications/auth/view/PhabricatorAuthAccountView.php

Loading...

src/applications/calendar/import/PhabricatorCalendarICSURIImportEngine.php

Loading...

src/applications/files/markup/PhabricatorImageRemarkupRule.php

Loading...

src/applications/harbormaster/artifact/HarbormasterURIArtifact.php

Loading...

src/applications/nuance/item/NuanceGitHubEventItemType.php

Loading...

src/applications/phurl/remarkup/PhabricatorPhurlLinkRemarkupRule.php

Loading...

src/applications/search/menuitem/PhabricatorLinkProfileMenuItem.php

Loading...

src/infrastructure/customfield/standard/PhabricatorStandardCustomFieldLink.php

Loading...

src/view/layout/PhabricatorActionView.php

Loading...

src/view/phui/PHUIListItemView.php

Loading...

src/view/phui/PHUITagView.php

Loading...