Closed (duplicate)
Project:
Drupal core
Version:
7.x-dev
Component:
filter.module
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
18 Aug 2008 at 16:54 UTC
Updated:
4 Nov 2010 at 23:12 UTC
Someone just did this to me and I'm not sure how search engines will treat it, but I'm wondering if the first rel="follow" overrides the 2nd rel="nofollow". I think this link spam filter should strip out any rel="follow" attributes, otherwise the nofollow may not be any protection.
This is the code that was used to override my nofollow.
<a rel="follow" href="http://example.com/" rel="nofollow">
The attached image shows that my Search Status Firefox Add-on isn't detecting the nofollow on the link that was spammed in my comments because a rel="follow" was added before Drupal's nofollow.
| Comment | File | Size | Author |
|---|---|---|---|
| nofollow-override.png | 17.76 KB | Z2222 |
Comments
Comment #1
vito_a commentedYes, seems they're already discussed that here http://groups.google.com/group/Google_Webmaster_Help-Indexing/browse_thr... and still got no good solution.
You've raised an interesting question, but seems that it concerns a known problem with the tag attribute filtering at user input. They're still looking for a reliable solution, and seems there are a number of ways:
- to restrict some tags like A at all;
- to make all users insert the BBCode instead of HTML ( http://drupal.org/project/bbcode );
- to write some filtering of your own ( http://drupal.org/project/filter_macros , http://drupal.org/project/ext_link_page , http://drupal.org/project/dme etc. );
- or probably try one of the http://drupal.org/project/htmlpurifier , http://drupal.org/project/htmLawed or http://drupal.org/project/safehtml ones. IMHO , the http://drupal.org/project/htmlpurifier looks like a good solution at the moment, but I can be wrong, of course.
It will be good if you try some of the ways and tell us your opinion, that will help many of us to fight with spammers.
Comment #2
alpha2zee commentedIf you use the htmLawed module you can use a $spec rule (see the project page) to deny any rel="follow" in user input:
a = rel(noneof=follow);With htmLawed in use, you don't need the Nofollow filter (or even Drupal's HTML filter).
Comment #3
mcurry commentedsubscribe
Comment #4
sunComment #5
cannandev commentedSee patch created here http://drupal.org/node/362972, comment #50
Now if we could apply this to D6...
Comment #6
sunMarking as duplicate of #362972: Filters should remove "rel" attributes instead of just adding rel="nofollow"