Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 3.10.x will end 8 November 2021 (12 months).
  • Bug fixes for security issues in 3.10.x will end 9 May 2022 (18 months).
  • PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.
   1  <?php
   2  
   3  // must be called POST validation

   4  
   5  /**

   6   * Adds rel="noopener" to any links which target a different window

   7   * than the current one.  This is used to prevent malicious websites

   8   * from silently replacing the original window, which could be used

   9   * to do phishing.

  10   * This transform is controlled by %HTML.TargetNoopener.

  11   */
  12  class HTMLPurifier_AttrTransform_TargetNoopener extends HTMLPurifier_AttrTransform
  13  {
  14      /**

  15       * @param array $attr

  16       * @param HTMLPurifier_Config $config

  17       * @param HTMLPurifier_Context $context

  18       * @return array

  19       */
  20      public function transform($attr, $config, $context)
  21      {
  22          if (isset($attr['rel'])) {
  23              $rels = explode(' ', $attr['rel']);
  24          } else {
  25              $rels = array();
  26          }
  27          if (isset($attr['target']) && !in_array('noopener', $rels)) {
  28              $rels[] = 'noopener';
  29          }
  30          if (!empty($rels) || isset($attr['rel'])) {
  31              $attr['rel'] = implode(' ', $rels);
  32          }
  33  
  34          return $attr;
  35      }
  36  }
  37