Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set nofollow on user-generated links #3131

Merged
merged 2 commits into from
Apr 19, 2023
Merged

Set nofollow on user-generated links #3131

merged 2 commits into from
Apr 19, 2023

Conversation

AndrewKvalheim
Copy link
Member

Checklist

  • I have read the Contribution & Best practices Guide.
  • My branch is up-to-date with the upstream master branch.
  • The tests pass locally with my changes.
  • I have added tests that prove my fix is effective or that my feature works.
  • I have added necessary documentation (if appropriate).

Short description of what this resolves

To disincentivize spamdexing, links in user-generated content should be disavowed by annotation with rel="nofollow" attributes. Automated spam has already targeted OSEM in the wild.

Changes proposed in this pull request

Pass rendered markdown through the NoFollow scrubber already available in Rails.

Ideally this would be done during markdown rendering or in a single sanitization pass; see the unresolved discussion at vmg/redcarpet#720.

@AndrewKvalheim
Add tests of HTML sanitization
c54a8a1
@AndrewKvalheim
Set nofollow on links in Markdown content
80d7ac5 
To disincentivize spamdexing, links in user-generated content should be
disavowed by annotation with `rel="nofollow"` attributes:

  - https://en.wikipedia.org/wiki/Nofollow

Automated spam has already targeted OSEM in the wild:

  - SeaGL/organization#274

Ideally link annotation would be performed during Markdown rendering or
a single sanitization pass, but this is currently an unresolved issue:

  - vmg/redcarpet#720
@hennevogel hennevogel mentioned this pull request Apr 19, 2023
Closed
@hennevogel hennevogel merged commit 8b909a9 into openSUSE:master Apr 19, 2023
@AndrewKvalheim AndrewKvalheim deleted the nofollow branch May 4, 2023 17:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hennevogel hennevogel hennevogel approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@AndrewKvalheim @hennevogel