Skip to content

Commit

Permalink
Add noopener noreferrer nofollow to generated content links
Browse files Browse the repository at this point in the history
  • Loading branch information
JamesNK committed Jan 15, 2025
1 parent 2780cdc commit 6350074
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 15 deletions.
2 changes: 1 addition & 1 deletion src/Aspire.Dashboard/ConsoleLogs/UrlParser.cs
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ public static bool TryParse(string? text, Func<string, string>? nonMatchFragment
nextCharIndex = urlMatch.Index + urlMatch.Length;
var url = text[urlStart..nextCharIndex];

builder.Append(CultureInfo.InvariantCulture, $"<a target=\"_blank\" href=\"{url}\">{WebUtility.HtmlEncode(url)}</a>");
builder.Append(CultureInfo.InvariantCulture, $"<a target=\"_blank\" href=\"{url}\" rel=\"noopener noreferrer nofollow\">{WebUtility.HtmlEncode(url)}</a>");
urlMatch = urlMatch.NextMatch();
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -244,6 +244,6 @@ public void CreateLogEntry_AnsiAndUrl_HasUrlAnchor()
var entry = parser.CreateLogEntry("\x1b[36mhttps://www.example.com\u001b[0m", isErrorOutput: false);

// Assert
Assert.Equal("<span class=\"ansi-fg-cyan\"></span><a target=\"_blank\" href=\"https://www.example.com\">https://www.example.com</a>", entry.Content);
Assert.Equal("<span class=\"ansi-fg-cyan\"></span><a target=\"_blank\" href=\"https://www.example.com\" rel=\"noopener noreferrer nofollow\">https://www.example.com</a>", entry.Content);
}
}
36 changes: 23 additions & 13 deletions tests/Aspire.Dashboard.Tests/ConsoleLogsTests/UrlParserTests.cs
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,9 @@ public void TryParse_NoUrl_ReturnsFalse(string? input)
}

[Theory]
[InlineData("This is some text with a URL at the end: https://bing.com/", true, "This is some text with a URL at the end: <a target=\"_blank\" href=\"https://bing.com/\">https://bing.com/</a>")]
[InlineData("https://bing.com/ This is some text with a URL at the beginning", true, "<a target=\"_blank\" href=\"https://bing.com/\">https://bing.com/</a> This is some text with a URL at the beginning")]
[InlineData("This is some text with a https://bing.com/ in the middle", true, "This is some text with a <a target=\"_blank\" href=\"https://bing.com/\">https://bing.com/</a> in the middle")]
[InlineData("This is some text with a URL at the end: https://bing.com/", true, "This is some text with a URL at the end: <a target=\"_blank\" href=\"https://bing.com/\" rel=\"noopener noreferrer nofollow\">https://bing.com/</a>")]
[InlineData("https://bing.com/ This is some text with a URL at the beginning", true, "<a target=\"_blank\" href=\"https://bing.com/\" rel=\"noopener noreferrer nofollow\">https://bing.com/</a> This is some text with a URL at the beginning")]
[InlineData("This is some text with a https://bing.com/ in the middle", true, "This is some text with a <a target=\"_blank\" href=\"https://bing.com/\" rel=\"noopener noreferrer nofollow\">https://bing.com/</a> in the middle")]
public void TryParse_ReturnsCorrectResult(string input, bool expectedResult, string? expectedOutput)
{
var result = UrlParser.TryParse(input, WebUtility.HtmlEncode, out var modifiedText);
Expand All @@ -34,13 +34,13 @@ public void TryParse_ReturnsCorrectResult(string input, bool expectedResult, str
}

[Theory]
[InlineData("http://bing.com", "<a target=\"_blank\" href=\"http://bing.com\">http://bing.com</a>")]
[InlineData("https://bing.com", "<a target=\"_blank\" href=\"https://bing.com\">https://bing.com</a>")]
[InlineData("http://www.bing.com", "<a target=\"_blank\" href=\"http://www.bing.com\">http://www.bing.com</a>")]
[InlineData("http://bing.com/", "<a target=\"_blank\" href=\"http://bing.com/\">http://bing.com/</a>")]
[InlineData("http://bing.com/dir", "<a target=\"_blank\" href=\"http://bing.com/dir\">http://bing.com/dir</a>")]
[InlineData("http://bing.com/index.aspx", "<a target=\"_blank\" href=\"http://bing.com/index.aspx\">http://bing.com/index.aspx</a>")]
[InlineData("http://localhost", "<a target=\"_blank\" href=\"http://localhost\">http://localhost</a>")]
[InlineData("http://bing.com", "<a target=\"_blank\" href=\"http://bing.com\" rel=\"noopener noreferrer nofollow\">http://bing.com</a>")]
[InlineData("https://bing.com", "<a target=\"_blank\" href=\"https://bing.com\" rel=\"noopener noreferrer nofollow\">https://bing.com</a>")]
[InlineData("http://www.bing.com", "<a target=\"_blank\" href=\"http://www.bing.com\" rel=\"noopener noreferrer nofollow\">http://www.bing.com</a>")]
[InlineData("http://bing.com/", "<a target=\"_blank\" href=\"http://bing.com/\" rel=\"noopener noreferrer nofollow\">http://bing.com/</a>")]
[InlineData("http://bing.com/dir", "<a target=\"_blank\" href=\"http://bing.com/dir\" rel=\"noopener noreferrer nofollow\">http://bing.com/dir</a>")]
[InlineData("http://bing.com/index.aspx", "<a target=\"_blank\" href=\"http://bing.com/index.aspx\" rel=\"noopener noreferrer nofollow\">http://bing.com/index.aspx</a>")]
[InlineData("http://localhost", "<a target=\"_blank\" href=\"http://localhost\" rel=\"noopener noreferrer nofollow\">http://localhost</a>")]
public void TryParse_SupportedUrlFormats(string input, string? expectedOutput)
{
var result = UrlParser.TryParse(input, WebUtility.HtmlEncode, out var modifiedText);
Expand All @@ -61,8 +61,18 @@ public void TryParse_UnsupportedUrlFormats(string input)
}

[Theory]
[InlineData("http://localhost:8080</url>", "<a target=\"_blank\" href=\"http://localhost:8080\">http://localhost:8080</a>&lt;/url&gt;")]
[InlineData("http://localhost:8080\"", "<a target=\"_blank\" href=\"http://localhost:8080\">http://localhost:8080</a>&quot;")]
[InlineData("script:alert('hi')")]
[InlineData("http://script:alert('hi')")]
public void TryParse_AttemptedScriptInjection(string input)
{
var result = UrlParser.TryParse(input, WebUtility.HtmlEncode, out var _);

Assert.False(result);
}

[Theory]
[InlineData("http://localhost:8080</url>", "<a target=\"_blank\" href=\"http://localhost:8080\" rel=\"noopener noreferrer nofollow\">http://localhost:8080</a>&lt;/url&gt;")]
[InlineData("http://localhost:8080\"", "<a target=\"_blank\" href=\"http://localhost:8080\" rel=\"noopener noreferrer nofollow\">http://localhost:8080</a>&quot;")]
public void TryParse_ExcludeInvalidTrailingChars(string input, string? expectedOutput)
{
var result = UrlParser.TryParse(input, WebUtility.HtmlEncode, out var modifiedText);
Expand All @@ -77,7 +87,7 @@ public void TryParse_QueryString()
var result = UrlParser.TryParse("https://www.example.com?query=string&param=value", WebUtility.HtmlEncode, out var modifiedText);
Assert.True(result);

Assert.Equal("<a target=\"_blank\" href=\"https://www.example.com?query=string&param=value\">https://www.example.com?query=string&amp;param=value</a>", modifiedText);
Assert.Equal("<a target=\"_blank\" href=\"https://www.example.com?query=string&param=value\" rel=\"noopener noreferrer nofollow\">https://www.example.com?query=string&amp;param=value</a>", modifiedText);
}

[Theory]
Expand Down

0 comments on commit 6350074

Please sign in to comment.