Input Filters / Spam link deterrent Does Not Add NoFollow to URL Filter Created Links
| Project: | Drupal |
| Version: | 6.x-dev |
| Component: | filter.module |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
This is my first issue submission, so please excuse me if I am not spot on on how it is submitted or the info that is needed.
Links created by the URL Filter are not having the nofollow attribute added when the Spam link deterrent feature is turned on in the input filter.
The most secure setup for comment input filters from spam is to turn off all html, including the href tag. Then just have Drupal create links from the URLs. When this is done, the order in which filters are applied has to be HTML Filter -> URL Filter. If it is the other way around, then the HTML filter will strip the link the URL Filter created. So now the HTML Filter never gets to add the nofollow because it is added first.
The URL Filter logic needs a nofollow link added independently of the HTML filter for these cases.
I am not sure how this works in 7.x, so this logic may also need to be done there.
#1
JeremyL,
I was looking for the similar solution as a part of the comment spam protection too.
After spending a few hours here, I ended up with making a very small and simple module by myself which adds rel="nofollow" to all anchor tags used in any comments. It seems to be working OK for me.
Besides, if the anchor already has rel="XXXXX" (e.g: rel="lightbox2"), this module skip the anchor.
BTW, I have replied to your other posts http://drupal.org/node/450792 too and find this post later.
#2
Changed to filter module where I think this issue really belongs.
In fact, I think that the entire spam link filtering is being done wrong in Drupal IMHO. Let's not forget that there may be some other filter modules that output HTML links which should not be filtered out, but the admin may want to add rel=nofollow to then. This can only be done by a separate 'rel=nofollow' filter. Adding rel=nofollow using a separate filter allow filters to be rearranged freely by the admin so that rel=nofollow may be added where it's more appropriate to then in the filter chain.