microcosm-cc / bluemonday

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

https://github.com/microcosm-cc/bluemonday

BSD 3-Clause "New" or "Revised" License

3.14k stars 176 forks source link

Add functionality to set rel="noreferrer" on a,area,link #85

Closed StevenGutzwiller closed 5 years ago

StevenGutzwiller commented 5 years ago

Right now we have the capability to set rel="nofollow", and we add rel="noopener" if target="_blank". Another potential useful piece of functionality would be to add rel="noreferrer" if the user makes that part of the policy.

I would be willing to write the functionality. I was thinking of the API consisting of two functions: (p Policy) RequireNoReferrerOnLinks() policy (p Policy) RequireNoReferrerOnFullyQualifiedLinks() policy

buro9 commented 5 years ago

Seems eminently reasonable :) I'd merge it.

StevenGutzwiller commented 5 years ago

86

buro9 commented 5 years ago

Thanks for the PR :pray: