Posted by Wesley Tanaka on December 10, 2006 at 1:01pm
17 followers
| Project: | Drupal core |
| Version: | 7.x-dev |
| Component: | profile.module |
| Category: | task |
| Priority: | minor |
| Assigned: | Unassigned |
| Status: | active |
Issue Summary
Profile fields are user-created (and can be modified by users at any time), and thus they could potentially be spam. Therefore, profile URLs should be protected with the link condom. i.e. links to URLs in people's profile should have rel="nofollow"
Comments
#1
patch against HEAD
#2
identical patch against head in -U 3 format (sorry about previous patch)
#3
Same patch against 4.7 branch's profile.module,v 1.154.2.6
#4
Not sure I agree. They don't have to be spam. Drupal has a filter-option that allows you to enable/disable the link condom. Maybe we should use the profile module to use that filter option.
#5
Profile links are as likely to be spam as any other posted content. If rel=nofollow is potentially useful for posted comment, it is also potentially useful for profile links.
The only reference to "rel.*nofollow" I found in the codebase is in
_filter_html($text, $format). Attaching a patch which runs the profile link through that function.#6
That didn't come out too clearly. I meant to say:
If we think it's worthwhile to protect against spam links in posted content*, we should also protect against spam links posted in users' profiles.
-----
* which we do
#7
#8
Patch applied.
I set 'format_default_nofollow_0' = TRUE in settings.php (don't think this can be set in UI which is OK IMO)
nofollow applied to profile url as advertised.
I like the option.
#9
#10
#11
Still applies with offset.
#12
It worked fine for me.
Thanks it was a great advice.
#13
This still applies cleanly to core!
#14
Is there a module that does this?
#15
Resetting version.
#16
No longer applies to 7.x.
#17
This one does (2 years after last post :p)
#18
#19
suscribe
#20
I think this functionality should be optional. So, if it is not in core, this must be in contributed module.
#21
#17: relNoFoloow.patch queued for re-testing.
#22
The last submitted patch, relNoFoloow.patch, failed testing.
#23
This patch applies against 7.x-dev. This was done during Drupal Patch Bingo at Droplabs
#24
The last submitted patch, 102468_nofollow.patch, failed testing.
#25
This time, I did a real git diff instead of regular diff.
#26
Applying the same patch to Drupal 8.
#27
The "URL" Profile field no longer exists in Drupal 7 or Drupal 8! Even though the patch may apply, this issue is irrelevant IMHO. Detailed explanation follows:
In Drupal 6, there is Profile.
In Drupal 7, there is no admin interface to add URL field.
Is this a bug, or should we write a patch to remove this code?
#28
It looks like this issue depends on #501434: URL field type in core which is newer and in drupal-8 queue.
The only reason to keep this code seems to be backwards-compatibility with drupal-6. So, a good patch to do would be to comment the code with this reason. Right?
#29
Related: #301071: Remove profile module from core
#30
profile is not in 8.x now