0001 <?php
0002 
0003 // Must be called post-validation, i.e. after the attributes have been validated.
0004 
0005 /**
0006  * Adds rel="noreferrer" to any link that targets a different window
0007  * than the current one.  This prevents a malicious destination page
0008  * from silently replacing the original window, which could be used
0009  * for phishing; noreferrer also keeps the Referer header from being sent.
0010  * This transform is controlled by %HTML.TargetNoreferrer.
0011  */
class HTMLPurifier_AttrTransform_TargetNoreferrer extends HTMLPurifier_AttrTransform
{
    /**
     * Appends the "noreferrer" link type to rel when a target attribute is set.
     *
     * The rel value is split on single spaces and each token is compared
     * with an exact, case-sensitive match, so a differently-cased or
     * oddly-spaced token is not recognised. The file header requires this
     * transform to run post validation; presumably rel has been normalised
     * by then -- confirm against the rel attribute definition.
     *
     * When rel is present but target is not, rel is re-joined unchanged.
     * When neither rel nor target is present, $attr is returned untouched.
     *
     * @param array $attr
     * @param HTMLPurifier_Config $config not read by this transform
     * @param HTMLPurifier_Context $context not read by this transform
     * @return array
     */
    public function transform($attr, $config, $context)
    {
        $hadRel = isset($attr['rel']);
        $tokens = $hadRel ? explode(' ', $attr['rel']) : array();

        // Only links that open in a named/new browsing context need the token.
        if (isset($attr['target']) && !in_array('noreferrer', $tokens)) {
            $tokens[] = 'noreferrer';
        }

        // No rel to begin with and nothing added: leave the attributes alone
        // rather than emitting an empty rel="".
        if (!$hadRel && empty($tokens)) {
            return $attr;
        }

        $attr['rel'] = implode(' ', $tokens);

        return $attr;
    }
}