Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.
   1  <?php
   2  
   3  // must be called POST validation
   4  
   5  /**
   6   * Adds rel="noreferrer" to any links which target a different window
   7   * than the current one.  This is used to prevent malicious websites
   8   * from silently replacing the original window, which could be used
   9   * to do phishing.
  10   * This transform is controlled by %HTML.TargetNoreferrer.
  11   */
  12  class HTMLPurifier_AttrTransform_TargetNoreferrer extends HTMLPurifier_AttrTransform
  13  {
  14      /**
  15       * @param array $attr
  16       * @param HTMLPurifier_Config $config
  17       * @param HTMLPurifier_Context $context
  18       * @return array
  19       */
  20      public function transform($attr, $config, $context)
  21      {
  22          if (isset($attr['rel'])) {
  23              $rels = explode(' ', $attr['rel']);
  24          } else {
  25              $rels = array();
  26          }
  27          if (isset($attr['target']) && !in_array('noreferrer', $rels)) {
  28              $rels[] = 'noreferrer';
  29          }
  30          if (!empty($rels) || isset($attr['rel'])) {
  31              $attr['rel'] = implode(' ', $rels);
  32          }
  33  
  34          return $attr;
  35      }
  36  }
  37