diff --git a/CHANGELOG.md b/CHANGELOG.md index 93b7e2a10..9aabe20d3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -41,6 +41,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - AdminAPI: Add "godmode" while fetching user statuses (i.e. admin can see private statuses) - Improve digest email template – Pagination: (optional) return `total` alongside with `items` when paginating +- Add `rel="ugc"` to all links in statuses, to prevent SEO spam ### Fixed - Following from Osada diff --git a/config/config.exs b/config/config.exs index 1988753d6..403ade60d 100644 --- a/config/config.exs +++ b/config/config.exs @@ -509,7 +509,7 @@ class: false, strip_prefix: false, new_window: false, - rel: false + rel: "ugc" ] config :pleroma, :ldap, diff --git a/config/description.exs b/config/description.exs index d95250017..38b30bbf6 100644 --- a/config/description.exs +++ b/config/description.exs @@ -1906,7 +1906,7 @@ key: :rel, type: [:string, false], description: "override the rel attribute. false to clear", - suggestions: ["noopener noreferrer", false] + suggestions: ["ugc", "noopener noreferrer", false] }, %{ key: :new_window, diff --git a/docs/config.md b/docs/config.md index 34e9c19ec..ed119fd32 100644 --- a/docs/config.md +++ b/docs/config.md @@ -522,7 +522,7 @@ config :auto_linker, class: false, strip_prefix: false, new_window: false, - rel: false + rel: "ugc" ] ``` diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index 607843a5b..23a5ac8fe 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -36,9 +36,9 @@ def mention_handler("@" <> nickname, buffer, opts, acc) do nickname_text = get_nickname_text(nickname, opts) link = - "@#{ + ~s(@#{ nickname_text - }" + }) {link, %{acc | mentions: MapSet.put(acc.mentions, {"@" <> nickname, user})}} @@ -50,7 +50,7 @@ def mention_handler("@" <> nickname, buffer, opts, acc) do def hashtag_handler("#" <> tag = tag_text, _buffer, _opts, acc) do tag = String.downcase(tag) url = "#{Pleroma.Web.base_url()}/tag/#{tag}" - link = "" + link = ~s(#{tag_text}) {link, %{acc | tags: MapSet.put(acc.tags, {tag_text, tag})}} end diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 3951f0f51..937bafed5 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -184,7 +184,8 @@ defmodule Pleroma.HTML.Scrubber.Default do "tag", "nofollow", "noopener", - "noreferrer" + "noreferrer", + "ugc" ]) Meta.allow_tag_with_these_attributes("a", ["name", "title"]) @@ -304,7 +305,8 @@ defmodule Pleroma.HTML.Scrubber.LinksOnly do "nofollow", "noopener", "noreferrer", - "me" + "me", + "ugc" ]) Meta.allow_tag_with_these_attributes("a", ["name", "title"]) diff --git a/test/formatter_test.exs b/test/formatter_test.exs index c443dfe7c..2e4280fc2 100644 --- a/test/formatter_test.exs +++ b/test/formatter_test.exs @@ -19,7 +19,7 @@ test "turns hashtags into links" do text = "I love #cofe and #2hu" expected_text = - "I love and " + ~s(I love #cofe and #2hu) assert {^expected_text, [], _tags} = Formatter.linkify(text) end @@ -28,7 +28,7 @@ test "does not turn html characters to tags" do text = "#fact_3: pleroma does what mastodon't" expected_text = - ": pleroma does what mastodon't" + ~s(#fact_3: pleroma does what mastodon't) assert {^expected_text, [], _tags} = Formatter.linkify(text) end @@ -39,21 +39,21 @@ test "turning urls into links" do text = "Hey, check out https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla ." expected = - "Hey, check out https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla ." + ~S(Hey, check out https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla .) assert {^expected, [], []} = Formatter.linkify(text) text = "https://mastodon.social/@lambadalambda" expected = - "https://mastodon.social/@lambadalambda" + ~S(https://mastodon.social/@lambadalambda) assert {^expected, [], []} = Formatter.linkify(text) text = "https://mastodon.social:4000/@lambadalambda" expected = - "https://mastodon.social:4000/@lambadalambda" + ~S(https://mastodon.social:4000/@lambadalambda) assert {^expected, [], []} = Formatter.linkify(text) @@ -63,55 +63,57 @@ test "turning urls into links" do assert {^expected, [], []} = Formatter.linkify(text) text = "http://www.cs.vu.nl/~ast/intel/" - expected = "http://www.cs.vu.nl/~ast/intel/" + + expected = + ~S(http://www.cs.vu.nl/~ast/intel/) assert {^expected, [], []} = Formatter.linkify(text) text = "https://forum.zdoom.org/viewtopic.php?f=44&t=57087" expected = - "https://forum.zdoom.org/viewtopic.php?f=44&t=57087" + "https://forum.zdoom.org/viewtopic.php?f=44&t=57087" assert {^expected, [], []} = Formatter.linkify(text) text = "https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul" expected = - "https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul" + "https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul" assert {^expected, [], []} = Formatter.linkify(text) text = "https://www.google.co.jp/search?q=Nasim+Aghdam" expected = - "https://www.google.co.jp/search?q=Nasim+Aghdam" + "https://www.google.co.jp/search?q=Nasim+Aghdam" assert {^expected, [], []} = Formatter.linkify(text) text = "https://en.wikipedia.org/wiki/Duff's_device" expected = - "https://en.wikipedia.org/wiki/Duff's_device" + "https://en.wikipedia.org/wiki/Duff's_device" assert {^expected, [], []} = Formatter.linkify(text) text = "https://pleroma.com https://pleroma.com/sucks" expected = - "https://pleroma.com https://pleroma.com/sucks" + "https://pleroma.com https://pleroma.com/sucks" assert {^expected, [], []} = Formatter.linkify(text) text = "xmpp:contact@hacktivis.me" - expected = "xmpp:contact@hacktivis.me" + expected = "xmpp:contact@hacktivis.me" assert {^expected, [], []} = Formatter.linkify(text) text = "magnet:?xt=urn:btih:7ec9d298e91d6e4394d1379caf073c77ff3e3136&tr=udp%3A%2F%2Fopentor.org%3A2710&tr=udp%3A%2F%2Ftracker.blackunicorn.xyz%3A6969&tr=udp%3A%2F%2Ftracker.ccc.de%3A80&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=wss%3A%2F%2Ftracker.btorrent.xyz&tr=wss%3A%2F%2Ftracker.fastcast.nz&tr=wss%3A%2F%2Ftracker.openwebtorrent.com" - expected = "#{text}" + expected = "#{text}" assert {^expected, [], []} = Formatter.linkify(text) end @@ -135,13 +137,13 @@ test "gives a replacement for user links, using local nicknames in user links te assert length(mentions) == 3 expected_text = - "@gsimg According to @archa_eme_, that is @daggsy. Also hello @archaeme" + }" class="u-url mention" href="#{archaeme_remote.ap_id}" rel="ugc">@archaeme) assert expected_text == text end @@ -156,7 +158,9 @@ test "gives a replacement for user links when the user is using Osada" do assert length(mentions) == 1 expected_text = - "@mike test" + ~s(@mike test) assert expected_text == text end @@ -170,7 +174,7 @@ test "gives a replacement for single-character local nicknames" do assert length(mentions) == 1 expected_text = - "@o hi" + ~s(@o hi) assert expected_text == text end @@ -192,13 +196,17 @@ test "given the 'safe_mention' option, it will only mention people in the beginn assert mentions == [{"@#{user.nickname}", user}, {"@#{other_user.nickname}", other_user}] assert expected_text == - "@#{user.nickname} @#{other_user.nickname} hey dudes i hate @#{third_user.nickname}" + }" class="u-url mention" href="#{third_user.ap_id}" rel="ugc">@#{ + third_user.nickname + }) end test "given the 'safe_mention' option, it will still work without any mention" do diff --git a/test/user_test.exs b/test/user_test.exs index 39ba69668..6852fcd40 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -1294,9 +1294,9 @@ test "preserves hosts in user links text" do bio = "A.k.a. @nick@domain.com" expected_text = - "A.k.a. @nick@domain.com" + }" rel="ugc">@nick@domain.com) assert expected_text == User.parse_bio(bio, user) end diff --git a/test/web/common_api/common_api_utils_test.exs b/test/web/common_api/common_api_utils_test.exs index 230146451..2588898d0 100644 --- a/test/web/common_api/common_api_utils_test.exs +++ b/test/web/common_api/common_api_utils_test.exs @@ -157,11 +157,11 @@ test "works for text/markdown with mentions" do text = "**hello world**\n\n*another @user__test and @user__test google.com paragraph*" expected = - "

hello world

\n

another hello world

\n

another @user__test and @user__test and @user__test google.com paragraph

\n" + }" class="u-url mention" href="http://foo.com/user__test" rel="ugc">@user__test google.com paragraph

\n) {output, _, _} = Utils.format_input(text, "text/markdown") diff --git a/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs b/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs index 89d4ca37e..560f55137 100644 --- a/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs +++ b/test/web/mastodon_api/controllers/mastodon_api_controller/update_credentials_test.exs @@ -86,10 +86,9 @@ test "updates the user's bio", %{conn: conn} do assert user = json_response(conn, 200) assert user["note"] == - ~s(I drink with @) <> user2.nickname <> ~s() + ~s(I drink #cofe with @#{user2.nickname}) end test "updates the user's locking status", %{conn: conn} do @@ -334,7 +333,7 @@ test "update fields", %{conn: conn} do assert account["fields"] == [ %{"name" => "foo", "value" => "bar"}, - %{"name" => "link", "value" => "cofe.io"} + %{"name" => "link", "value" => ~S(cofe.io)} ] assert account["source"]["fields"] == [ diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 51f5215c2..73a3bf135 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -1014,9 +1014,9 @@ test "list of notifications", %{conn: conn} do |> get("/api/v1/notifications") expected_response = - "hi @#{user.nickname}" + }" rel="ugc">@#{user.nickname}) assert [%{"status" => %{"content" => response}} | _rest] = json_response(conn, 200) assert response == expected_response @@ -1036,9 +1036,9 @@ test "getting a single notification", %{conn: conn} do |> get("/api/v1/notifications/#{notification.id}") expected_response = - "hi @#{user.nickname}" + }" rel="ugc">@#{user.nickname}) assert %{"status" => %{"content" => response}} = json_response(conn, 200) assert response == expected_response diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs index 08f264431..bf1e233f5 100644 --- a/test/web/twitter_api/twitter_api_test.exs +++ b/test/web/twitter_api/twitter_api_test.exs @@ -109,7 +109,9 @@ test "it registers a new user and parses mentions in the bio" do {:ok, user2} = TwitterAPI.register_user(data2) expected_text = - "@john test" + ~s(@john test) assert user2.bio == expected_text end