1 <?php 2 3 // must be called POST validation 4 5 /** 6 * Adds rel="noreferrer" to any links which target a different window 7 * than the current one. This is used to prevent malicious websites 8 * from silently replacing the original window, which could be used 9 * to do phishing. 10 * This transform is controlled by %HTML.TargetNoreferrer. 11 */ 12 class HTMLPurifier_AttrTransform_TargetNoreferrer extends HTMLPurifier_AttrTransform 13 { 14 /** 15 * @param array $attr 16 * @param HTMLPurifier_Config $config 17 * @param HTMLPurifier_Context $context 18 * @return array 19 */ 20 public function transform($attr, $config, $context) 21 { 22 if (isset($attr['rel'])) { 23 $rels = explode(' ', $attr['rel']); 24 } else { 25 $rels = array(); 26 } 27 if (isset($attr['target']) && !in_array('noreferrer', $rels)) { 28 $rels[] = 'noreferrer'; 29 } 30 if (!empty($rels) || isset($attr['rel'])) { 31 $attr['rel'] = implode(' ', $rels); 32 } 33 34 return $attr; 35 } 36 } 37
title
Description
Body
title
Description
Body
title
Description
Body
title
Body