diff --git a/files/assets/js/core.js b/files/assets/js/core.js
index 2acc7e169..0311e2693 100644
--- a/files/assets/js/core.js
+++ b/files/assets/js/core.js
@@ -266,9 +266,6 @@ function bs_trigger(e) {
 i.addEventListener('keydown', speed_carot_navigate, false);
 });
 }
-
- if (typeof link_trigger === "function")
- link_trigger(e);
 }
 var bsTriggerOnReady = function() {
diff --git a/files/helpers/offsitementions.py b/files/helpers/offsitementions.py
index fbd0db108..701ca6979 100644
--- a/files/helpers/offsitementions.py
+++ b/files/helpers/offsitementions.py
@@ -98,9 +98,9 @@ def notify_mentions(send_to, mentions, mention_str='site mention'):
 text = sanitize(m['text'], golden=False)
 notif_text = (
 f'
New {mention_str} by /u/{author}
' + f'rel="nofollow noopener" target="_blank">/u/{author}' f'' + 'rel="nofollow noopener" target="_blank">' f'https://old.reddit.com{permalink}?context=89
' f'{text}' )
diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py
index fe2c10858..8eb095945 100644
--- a/files/helpers/sanitize.py
+++ b/files/helpers/sanitize.py
@@ -63,6 +63,7 @@ def allowed_attributes(tag, name, value):
 if name == 'href' and '\\' not in value and 'xn--' not in value: return True
 if name == 'rel' and value == 'nofollow noopener': return True
+ if name == 'target' and value == '_blank': return True
 return False
 if tag == 'img':
@@ -144,7 +145,8 @@ def callback(attrs, new=False):
 del attrs[(None, "href")] # Make unclickable and reset harmful payload
 return attrs
- if not is_site_url(href):
+ if not href.startswith('/') and not href.startswith(f'{SITE_FULL}/'):
+ attrs[(None, "target")] = "_blank"
 attrs[(None, "rel")] = "nofollow noopener"
 return attrs
@@ -269,7 +271,7 @@ def sanitize(sanitized, golden=True, limit_pings=0, showmore=True, count_marseys
 # replacing zero width characters, overlines, fake colons
 sanitized = sanitized.replace('\u200e','').replace('\u200b','').replace("\ufeff", "").replace("\u033f","").replace("\u0589", ":")
- sanitized = reddit_regex.sub(r'\1/\2', sanitized)
+ sanitized = reddit_regex.sub(r'\1/\2', sanitized)
 sanitized = sub_regex.sub(r'\1/\2', sanitized)
 v = getattr(g, 'v', None)
@@ -296,7 +298,7 @@ def sanitize(sanitized, golden=True, limit_pings=0, showmore=True, count_marseys
 for tag in soup.find_all("img"):
 if tag.get("src") and not tag["src"].startswith('/pp/'):
 if not is_safe_url(tag["src"]):
- a = soup.new_tag("a", href=tag["src"], rel="nofollow noopener")
+ a = soup.new_tag("a", href=tag["src"], rel="nofollow noopener", target="_blank")
 a.string = tag["src"]
 tag.replace_with(a)
 continue
@@ -310,6 +312,7 @@ def sanitize(sanitized, golden=True, limit_pings=0, showmore=True, count_marseys
 a = soup.new_tag("a", href=tag["data-src"])
 if not is_site_url(a["href"]):
 a["rel"] = "nofollow noopener"
+ a["target"] = "_blank"
 tag = tag.replace_with(a)
 a.append(tag)
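Review bot: In `notif_text`, `{author}` and `{permalink}` are formatted straight into the notification HTML, while only `text` passes through `sanitize(...)`. Both values appear to originate from off-site mention data (their assignment is outside this hunk, and part of the markup is missing from this page), so markup characters in either would land in the rendered notification unescaped. Escaping them before formatting, for example `author = html.escape(author)` and the same for `permalink`, keeps the hand-written `rel="nofollow noopener" target="_blank"` attributes intact whatever the upstream source returns. If `notif_text` is sanitized again before it is stored, a one-line comment saying so here would settle the question.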
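Review bot: In `callback`, the new test `href.startswith('/')` also matches protocol-relative URLs (`//other-host.example/...`), so such links are classified as on-site and receive neither `rel="nofollow noopener"` nor the forced `target`. Whether the removed `is_site_url` rejected them is not visible here, but the first sanitize.py hunk now accepts an author-supplied `target="_blank"`, so an off-site link of that shape could keep `target` with no `rel`. Excluding the double slash closes it: `if not (href.startswith('/') and not href.startswith('//')) and not href.startswith(f'{SITE_FULL}/'):`. The `data-src` hunk further down still calls `is_site_url`, so the two paths now disagree on what counts as on-site; one shared helper would keep them in step. `callback` starts and ends outside the hunk.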
diff --git a/files/routes/votes.py b/files/routes/votes.py
index b6029e25b..b9ceecfa6 100644
--- a/files/routes/votes.py
+++ b/files/routes/votes.py
@@ -153,7 +153,7 @@ def vote_post_comment(target_id, new, v, cls, vote_cls):
 elif target.sub and target.sub not in UNNERFED_HOLES: mul = 0.7
 elif not target.sub and target.body_html and target.author.id not in BOOSTED_USERS_EXCLUDED:
- x = target.body_html.count('') x += target.body_html.count(' -