Add rel="nofollow ugc" to all links in fields that can contain arbitrary URL's, in at least the following fields, which have been tested/confirmed to allow arbitrary URL's: - Summary - URL - Comments (including "Description" (comment 0)) See bug 240848 for details/context/analysis
Update should take the form of a PR against https://github.com/freebsd/bugzilla
Created attachment 208162 [details] test attachment containing plaintext URL and with https://arbitrary.url.com in description
Created attachment 208163 [details] test attachment containing plaintext URL and URL in <a> tags, and with https://arbitrary.url.com in description test attachment containing plaintext arbitrary url and another contained within <a> tags
Created attachment 208164 [details] test attachment containing URL in <a> tags, and with https://arbitrary.url.com in description
Created attachment 208165 [details] test attachment (text/html type) containing URL in <a> tags, and with https://arbitrary.url.com in description
Created attachment 208166 [details] test attachment containing URL in <a> tags, and with https://arbitrary.url.com in description
Created attachment 208167 [details] test attachment containing plaintext URL and URL in <a> tags, and with https://arbitrary.url.com in description
Created attachment 208168 [details] test attachment (text/html type) containing URL in <a> tags, and with https://arbitrary.url.com in description
In the case of a plaintext attachment containing URL's, these links are rendered as links in: - the Attachment "Details" view (attachment.cgi?id=<attachmentID>&action=edit) - <div id="attachment_view_window"> So rel should be added in these too. I cant get any other combinations (see the other attachments) to result in rendered links (only plaintext).
We probably don't need rel= links on self-links to our own bugzilla instance, right?
(In reply to Conrad Meyer from comment #10) Yep, broadly speaking, but if we can avoid special casing or additional processing of comments for this case, that would be ideal, given: Internal links are usually (and should be) represented using 'bug XXXX' or 'bug XXX comment XX' form (in comments), which are auto-linked by Bugzilla. Pasting full URL's to internal links in comments is generally to be avoided, and instead the above forms for auto-linking and/or the use of See Also: is what should be done. There may be a case for us to program test/link conversion from the 'full url > internal form' for comments and/or other fields, if warranted/needed. We can look at that separately I also didn't include 'See Also' in the fields to include the rel= treatment because the See Also: field is limited to a limited set of specific formats for bug trackers / etc.
I agree about comments; I was responding to your comment #9: > In the case of a plaintext attachment containing URL's, these links are > rendered as links in: > > - the Attachment "Details" view (attachment.cgi?id=<attachmentID>&action=edit) > - <div id="attachment_view_window"> > > So rel should be added in these too.
(In reply to Conrad Meyer from comment #12) Ah. No, not suggesting we add rel for internal links. comment 9 was just mentioning the bugzilla view where I found the issue. Click "Details" for attachment 208162 [details] (Note: its only visible in the 'edit' sub view [1], not the attachment raw view [2]) [1] https://bugs.freebsd.org/bugzilla/attachment.cgi?id=208162&action=edit [2] https://bugs.freebsd.org/bugzilla/attachment.cgi?id=208162
(In reply to Kubilay Kocak from comment #13) Ah, apologies. I misunderstood. Carry on. :-)