Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 3.11.x will end 14 Nov 2022 (12 months plus 6 months extension).
  • Bug fixes for security issues in 3.11.x will end 13 Nov 2023 (18 months plus 12 months extension).
  • PHP version: minimum PHP 7.3.0 Note: minimum PHP version has increased since Moodle 3.10. PHP 7.4.x is supported too.
/lib/htmlpurifier/HTMLPurifier/AttrTransform/ -> TargetNoreferrer.php (source)

[Summary view] 

   1  <?php
   2  
   3  // must be called POST validation

   4  
   5  /**

   6   * Adds rel="noreferrer" to any links which target a different window

   7   * than the current one.  This is used to prevent malicious websites

   8   * from silently replacing the original window, which could be used

   9   * to do phishing.

  10   * This transform is controlled by %HTML.TargetNoreferrer.

  11   */
  12  class HTMLPurifier_AttrTransform_TargetNoreferrer extends HTMLPurifier_AttrTransform
  13  {
  14      /**

  15       * @param array $attr

  16       * @param HTMLPurifier_Config $config

  17       * @param HTMLPurifier_Context $context

  18       * @return array

  19       */
  20      public function transform($attr, $config, $context)
  21      {
  22          if (isset($attr['rel'])) {
  23              $rels = explode(' ', $attr['rel']);
  24          } else {
  25              $rels = array();
  26          }
  27          if (isset($attr['target']) && !in_array('noreferrer', $rels)) {
  28              $rels[] = 'noreferrer';
  29          }
  30          if (!empty($rels) || isset($attr['rel'])) {
  31              $attr['rel'] = implode(' ', $rels);
  32          }
  33  
  34          return $attr;
  35      }
  36  }
  37

Body

Body

Body

Body