TargetNoreferrer.php 1.0 KB

1234567891011121314151617181920212223242526272829303132333435363738
  1. <?php
  2. // must be called POST validation
  3. /**
  4. * Adds rel="noreferrer" to any links which target a different window
  5. * than the current one. This is used to prevent malicious websites
  6. * from silently replacing the original window, which could be used
  7. * to do phishing.
  8. * This transform is controlled by %HTML.TargetNoreferrer.
  9. */
  10. class HTMLPurifier_AttrTransform_TargetNoreferrer extends HTMLPurifier_AttrTransform
  11. {
  12. /**
  13. * @param array $attr
  14. * @param HTMLPurifier_Config $config
  15. * @param HTMLPurifier_Context $context
  16. * @return array
  17. */
  18. public function transform($attr, $config, $context)
  19. {
  20. if (isset($attr['rel'])) {
  21. $rels = explode(' ', $attr['rel']);
  22. } else {
  23. $rels = array();
  24. }
  25. if (isset($attr['target']) && !in_array('noreferrer', $rels)) {
  26. $rels[] = 'noreferrer';
  27. }
  28. if (!empty($rels) || isset($attr['rel'])) {
  29. $attr['rel'] = implode(' ', $rels);
  30. }
  31. return $attr;
  32. }
  33. }