Comments: Add rel="nofollow ugc" attribute to links in comments.

UGC stands for User Generated Content, and the `ugc` attribute value is recommended for links within user generated content, such as comments and forum posts.

See https://webmasters.googleblog.com/2019/09/evolving-nofollow-new-ways-to-identify.html.

Props audrasjb, joostdevalk, dkarfa, SergeyBiryukov.
Fixes #48022.
Built from https://develop.svn.wordpress.org/trunk@46349


git-svn-id: http://core.svn.wordpress.org/trunk@46148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2019-09-30 01:30:58 +00:00
parent 8cb7c5c764
commit 2afdc64723
4 changed files with 72 additions and 32 deletions

View File

@ -224,7 +224,7 @@ function get_comment_author_link( $comment_ID = 0 ) {
if ( empty( $url ) || 'http://' == $url ) { if ( empty( $url ) || 'http://' == $url ) {
$return = $author; $return = $author;
} else { } else {
$return = "<a href='$url' rel='external nofollow' class='url'>$author</a>"; $return = "<a href='$url' rel='external nofollow ugc' class='url'>$author</a>";
} }
/** /**

View File

@ -246,7 +246,7 @@ add_filter( 'pre_kses', 'wp_pre_kses_less_than' );
add_filter( 'sanitize_title', 'sanitize_title_with_dashes', 10, 3 ); add_filter( 'sanitize_title', 'sanitize_title_with_dashes', 10, 3 );
add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 ); add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 );
add_filter( 'comment_flood_filter', 'wp_throttle_comment_flood', 10, 3 ); add_filter( 'comment_flood_filter', 'wp_throttle_comment_flood', 10, 3 );
add_filter( 'pre_comment_content', 'wp_rel_nofollow', 15 ); add_filter( 'pre_comment_content', 'wp_rel_ugc', 15 );
add_filter( 'comment_email', 'antispambot' ); add_filter( 'comment_email', 'antispambot' );
add_filter( 'option_tag_base', '_wp_filter_taxonomy_base' ); add_filter( 'option_tag_base', '_wp_filter_taxonomy_base' );
add_filter( 'option_category_base', '_wp_filter_taxonomy_base' ); add_filter( 'option_category_base', '_wp_filter_taxonomy_base' );

View File

@ -3012,35 +3012,19 @@ function _split_str_by_whitespace( $string, $goal ) {
} }
/** /**
* Adds rel nofollow string to all HTML A elements in content. * Callback to add a rel attribute to HTML A element.
* *
* @since 1.5.0 * Will remove already existing string before adding to prevent invalidating (X)HTML.
* *
* @param string $text Content that may contain HTML A elements. * @since 5.3.0
* @return string Converted content. *
* @param array $matches Single match.
* @param string $rel The rel attribute to add.
* @return string HTML A element with the added rel attribute.
*/ */
function wp_rel_nofollow( $text ) { function wp_rel_callback( $matches, $rel ) {
// This is a pre save filter, so text is already escaped.
$text = stripslashes( $text );
$text = preg_replace_callback( '|<a (.+?)>|i', 'wp_rel_nofollow_callback', $text );
return wp_slash( $text );
}
/**
* Callback to add rel=nofollow string to HTML A element.
*
* Will remove already existing rel="nofollow" and rel='nofollow' from the
* string to prevent from invalidating (X)HTML.
*
* @since 2.3.0
*
* @param array $matches Single Match
* @return string HTML A Element with rel nofollow.
*/
function wp_rel_nofollow_callback( $matches ) {
$text = $matches[1]; $text = $matches[1];
$atts = wp_kses_hair( $matches[1], wp_allowed_protocols() ); $atts = wp_kses_hair( $matches[1], wp_allowed_protocols() );
$rel = 'nofollow';
if ( ! empty( $atts['href'] ) ) { if ( ! empty( $atts['href'] ) ) {
if ( in_array( strtolower( wp_parse_url( $atts['href']['value'], PHP_URL_SCHEME ) ), array( 'http', 'https' ), true ) ) { if ( in_array( strtolower( wp_parse_url( $atts['href']['value'], PHP_URL_SCHEME ) ), array( 'http', 'https' ), true ) ) {
@ -3051,11 +3035,10 @@ function wp_rel_nofollow_callback( $matches ) {
} }
if ( ! empty( $atts['rel'] ) ) { if ( ! empty( $atts['rel'] ) ) {
$parts = array_map( 'trim', explode( ' ', $atts['rel']['value'] ) ); $parts = array_map( 'trim', explode( ' ', $atts['rel']['value'] ) );
if ( false === array_search( 'nofollow', $parts ) ) { $rel_array = array_map( 'trim', explode( ' ', $rel ) );
$parts[] = 'nofollow'; $parts = array_unique( array_merge( $parts, $rel_array ) );
} $rel = implode( ' ', $parts );
$rel = implode( ' ', $parts );
unset( $atts['rel'] ); unset( $atts['rel'] );
$html = ''; $html = '';
@ -3071,6 +3054,63 @@ function wp_rel_nofollow_callback( $matches ) {
return "<a $text rel=\"" . esc_attr( $rel ) . '">'; return "<a $text rel=\"" . esc_attr( $rel ) . '">';
} }
/**
* Adds `rel="nofollow"` string to all HTML A elements in content.
*
* @since 1.5.0
*
* @param string $text Content that may contain HTML A elements.
* @return string Converted content.
*/
function wp_rel_nofollow( $text ) {
// This is a pre save filter, so text is already escaped.
$text = stripslashes( $text );
$rel = 'nofollow';
$text = preg_replace_callback(
'|<a (.+?)>|i',
function( $matches ) use ( $rel ) {
return wp_rel_callback( $matches, $rel );
},
$text
);
return wp_slash( $text );
}
/**
* Callback to add `rel="nofollow"` string to HTML A element.
*
* @since 2.3.0
* @deprecated 5.3.0 Use wp_rel_callback()
*
* @param array $matches Single match.
* @return string HTML A Element with `rel="nofollow"`.
*/
function wp_rel_nofollow_callback( $matches ) {
return wp_rel_callback( $matches, 'nofollow' );
}
/**
* Adds `rel="nofollow ugc"` string to all HTML A elements in content.
*
* @since 5.3.0
*
* @param string $text Content that may contain HTML A elements.
* @return string Converted content.
*/
function wp_rel_ugc( $text ) {
// This is a pre save filter, so text is already escaped.
$text = stripslashes( $text );
$rel = 'nofollow ugc';
$text = preg_replace_callback(
'|<a (.+?)>|i',
function( $matches ) use ( $rel ) {
return wp_rel_callback( $matches, $rel );
},
$text
);
return wp_slash( $text );
}
/** /**
* Adds rel noreferrer and noopener to all HTML A elements that have a target. * Adds rel noreferrer and noopener to all HTML A elements that have a target.
* *

View File

@ -13,7 +13,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '5.3-beta1-46348'; $wp_version = '5.3-beta1-46349';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.