3 // must be called POST validation
6 * Adds rel="noopener" to any links which target a different window
7 * than the current one. This is used to prevent malicious websites
8 * from silently replacing the original window, which could be used
10 * This transform is controlled by %HTML.TargetNoopener.
12 class HTMLPurifier_AttrTransform_TargetNoopener
extends HTMLPurifier_AttrTransform
16 * @param HTMLPurifier_Config $config
17 * @param HTMLPurifier_Context $context
20 public function transform($attr, $config, $context)
22 if (isset($attr['rel'])) {
23 $rels = explode(' ', $attr['rel']);
27 if (isset($attr['target']) && !in_array('noopener', $rels)) {
30 if (!empty($rels) ||
isset($attr['rel'])) {
31 $attr['rel'] = implode(' ', $rels);