TargetNoopener.php 1022 B

12345678910111213141516171819202122232425262728293031323334353637
  1. <?php
  2. // must be called POST validation
  3. /**
  4. * Adds rel="noopener" to any links which target a different window
  5. * than the current one. This is used to prevent malicious websites
  6. * from silently replacing the original window, which could be used
  7. * to do phishing.
  8. * This transform is controlled by %HTML.TargetNoopener.
  9. */
  10. class HTMLPurifier_AttrTransform_TargetNoopener extends HTMLPurifier_AttrTransform
  11. {
  12. /**
  13. * @param array $attr
  14. * @param HTMLPurifier_Config $config
  15. * @param HTMLPurifier_Context $context
  16. * @return array
  17. */
  18. public function transform($attr, $config, $context)
  19. {
  20. if (isset($attr['rel'])) {
  21. $rels = explode(' ', $attr['rel']);
  22. } else {
  23. $rels = array();
  24. }
  25. if (isset($attr['target']) && !in_array('noopener', $rels)) {
  26. $rels[] = 'noopener';
  27. }
  28. if (!empty($rels) || isset($attr['rel'])) {
  29. $attr['rel'] = implode(' ', $rels);
  30. }
  31. return $attr;
  32. }
  33. }