Someone just did this to me and I'm not sure how search engines will treat it, but I'm wondering if the first rel="follow" overrides the 2nd rel="nofollow". I think this link spam filter should strip out any rel="follow" attributes, otherwise the nofollow may not be any protection.

This is the code that was used to override my nofollow.

<a rel="follow" href="http://example.com/" rel="nofollow">

The attached image shows that my Search Status Firefox Add-on isn't detecting the nofollow on the link that was spammed in my comments because a rel="follow" was added before Drupal's nofollow.

CommentFileSizeAuthor
nofollow-override.png17.76 KBZ2222

Comments

vito_a’s picture

Yes, seems they're already discussed that here http://groups.google.com/group/Google_Webmaster_Help-Indexing/browse_thr... and still got no good solution.

You've raised an interesting question, but seems that it concerns a known problem with the tag attribute filtering at user input. They're still looking for a reliable solution, and seems there are a number of ways:

- to restrict some tags like A at all;
- to make all users insert the BBCode instead of HTML ( http://drupal.org/project/bbcode );
- to write some filtering of your own ( http://drupal.org/project/filter_macros , http://drupal.org/project/ext_link_page , http://drupal.org/project/dme etc. );
- or probably try one of the http://drupal.org/project/htmlpurifier , http://drupal.org/project/htmLawed or http://drupal.org/project/safehtml ones. IMHO , the http://drupal.org/project/htmlpurifier looks like a good solution at the moment, but I can be wrong, of course.

It will be good if you try some of the ways and tell us your opinion, that will help many of us to fight with spammers.

alpha2zee’s picture

If you use the htmLawed module you can use a $spec rule (see the project page) to deny any rel="follow" in user input:

a = rel(noneof=follow);

With htmLawed in use, you don't need the Nofollow filter (or even Drupal's HTML filter).

mcurry’s picture

subscribe

sun’s picture

Version: 5.10 » 7.x-dev
cannandev’s picture

See patch created here http://drupal.org/node/362972, comment #50

Now if we could apply this to D6...

sun’s picture

Status: Active » Closed (duplicate)