Make url's in messages identified as http://... or https://...

rouilj · rouilj · commit 9e501e957def · 2017-02-25T21:01:50.000-05:00
have the rel="nofollow" attribute to reduce the value
of spamming public trackers.

Internal links: issue20 msg10 etc. won't have the nofollow attribute.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -424,6 +424,11 @@ Features:
 - Add RejectRaw exception to allow unescaped HTML error messages to be
   displayed to the user (thanks Ezio Melotti for the initial patch)
   (John Kristensen)
+- Add rel=nofollow to http and https url's in the body of messages.
+  This should reduce the value of a public roundup tracker to spammers.
+  References like issue20 or msg10 will hyperlink without
+  rel=nofollow so that robots can index them. Similar work was done
+  for the history display in roundup 1.5.0. (John Rouillard)
 
 Fixed:
 
diff --git a/roundup/cgi/templating.py b/roundup/cgi/templating.py
@@ -1337,7 +1337,7 @@ class StringHTMLProperty(HTMLProperty):
 
     def _hyper_repl(self, match):
         if match.group('url'):
-            return self._hyper_repl_url(match, '<a href="%s">%s</a>%s')
+            return self._hyper_repl_url(match, '<a href="%s" rel="nofollow">%s</a>%s')
         elif match.group('email'):
             return self._hyper_repl_email(match, '<a href="mailto:%s">%s</a>')
         elif len(match.group('id')) < 10:
diff --git a/test/test_templating.py b/test/test_templating.py
@@ -178,37 +178,37 @@ def t(s): return p.hyper_re.sub(p._hyper_repl, s)
         ae = self.assertEqual
         ae(t('item123123123123'), 'item123123123123')
         ae(t('http://roundup.net/'),
-           '<a href="http://roundup.net/">http://roundup.net/</a>')
+           '<a href="http://roundup.net/" rel="nofollow">http://roundup.net/</a>')
         ae(t('&lt;HTTP://roundup.net/&gt;'),
-           '&lt;<a href="HTTP://roundup.net/">HTTP://roundup.net/</a>&gt;')
+           '&lt;<a href="HTTP://roundup.net/" rel="nofollow">HTTP://roundup.net/</a>&gt;')
         ae(t('&lt;http://roundup.net/&gt;.'),
-            '&lt;<a href="http://roundup.net/">http://roundup.net/</a>&gt;.')
+            '&lt;<a href="http://roundup.net/" rel="nofollow">http://roundup.net/</a>&gt;.')
         ae(t('&lt;www.roundup.net&gt;'),
-           '&lt;<a href="http://www.roundup.net">www.roundup.net</a>&gt;')
+           '&lt;<a href="http://www.roundup.net" rel="nofollow">www.roundup.net</a>&gt;')
         ae(t('(www.roundup.net)'),
-           '(<a href="http://www.roundup.net">www.roundup.net</a>)')
+           '(<a href="http://www.roundup.net" rel="nofollow">www.roundup.net</a>)')
         ae(t('foo http://msdn.microsoft.com/en-us/library/ms741540(VS.85).aspx bar'),
-           'foo <a href="http://msdn.microsoft.com/en-us/library/ms741540(VS.85).aspx">'
+           'foo <a href="http://msdn.microsoft.com/en-us/library/ms741540(VS.85).aspx" rel="nofollow">'
            'http://msdn.microsoft.com/en-us/library/ms741540(VS.85).aspx</a> bar')
         ae(t('(e.g. http://en.wikipedia.org/wiki/Python_(programming_language))'),
-           '(e.g. <a href="http://en.wikipedia.org/wiki/Python_(programming_language)">'
+           '(e.g. <a href="http://en.wikipedia.org/wiki/Python_(programming_language)" rel="nofollow">'
            'http://en.wikipedia.org/wiki/Python_(programming_language)</a>)')
         ae(t('(e.g. http://en.wikipedia.org/wiki/Python_(programming_language)).'),
-           '(e.g. <a href="http://en.wikipedia.org/wiki/Python_(programming_language)">'
+           '(e.g. <a href="http://en.wikipedia.org/wiki/Python_(programming_language)" rel="nofollow">'
            'http://en.wikipedia.org/wiki/Python_(programming_language)</a>).')
         ae(t('(e.g. http://en.wikipedia.org/wiki/Python_(programming_language))&gt;.'),
-           '(e.g. <a href="http://en.wikipedia.org/wiki/Python_(programming_language)">'
+           '(e.g. <a href="http://en.wikipedia.org/wiki/Python_(programming_language)" rel="nofollow">'
            'http://en.wikipedia.org/wiki/Python_(programming_language)</a>)&gt;.')
         ae(t('(e.g. http://en.wikipedia.org/wiki/Python_(programming_language&gt;)).'),
-           '(e.g. <a href="http://en.wikipedia.org/wiki/Python_(programming_language">'
+           '(e.g. <a href="http://en.wikipedia.org/wiki/Python_(programming_language" rel="nofollow">'
            'http://en.wikipedia.org/wiki/Python_(programming_language</a>&gt;)).')
         for c in '.,;:!':
             # trailing punctuation is not included
             ae(t('http://roundup.net/%c ' % c),
-               '<a href="http://roundup.net/">http://roundup.net/</a>%c ' % c)
+               '<a href="http://roundup.net/" rel="nofollow">http://roundup.net/</a>%c ' % c)
             # but it's included if it's part of the URL
             ae(t('http://roundup.net/%c/' % c),
-               '<a href="http://roundup.net/%c/">http://roundup.net/%c/</a>' % (c, c))
+               '<a href="http://roundup.net/%c/" rel="nofollow">http://roundup.net/%c/</a>' % (c, c))
 
 '''
 class HTMLPermissions:
