DataSmith: Inconsistent nofollow handling in Drupal maintenance support plans input formats

Inconsistent nofollow handling in Drupal maintenance support plans input formats

The Problem
Working on setting up commenting, which is highly suggested for sites who’s content appears on Drupal maintenance support plans Planet, I came across a bit of a confusing situation in regard to URLs in content. When using the “Limit allowed HTML tags and correct faulty HTML” filter, one of the option is to add rel=”nofollow” attributes to anchor tags. However, in the default Plain Text format, the “Convert URLs into links” filter does not provide that option. So if a user types in an HTML anchor, nofollow gets added. But if they type in a plain URl, it gets converted to an HTML anchor without the nofollow.
To illustrate, if I allow anchor links to be entered as html and set the option to add rel=nofollow and I also enable the filter to convert URLs to links, if a user enters:

www.nytimes.com
Another NY Times linkThe output HTML in the comment is:

https://www.nytimes.com
Another NY Times link
For commenting, I really want to tighten permissions down as far as I can to avoid potential security risks, so the Plain Text format with the “Display any HTML as plain text” filter is the best choice1. However, for usability I do want URLs converted to links. But I also want those links set to nofollow for link fraud prevention2.
By playing with format filter configurations and ordering I was able to make a solution that works (albeit a little janky-ly), but it sure feels like this is an area where a core patch could improve the situation. If I have time one day maybe I’ll work on that3.
Solution
The solution I came up with is to set the following filters on the input format (the order is significant):
Display any HTML as plain text
Convert URLs into links
Convert line breaks into HTML (i.e. and )
Limit allowed HTML tags and correct faulty HTML
Then for the allowed HTML tags, I allowed <a href hreflang> <p> <br> and checked the `Add rel=”nofollow” to all links` option.
The result is that user entered HTML is rendered as plain text, then URLs and line brakes get converted to HTML, and finally the Limit allowed HTML filter double checks the markup and adds `rel=”nofollow”` to anchor tags.  So given a user input comment like in the screen shot below, the resulting HTML is:

www.nytimes.com
<h2>This should not be displayed as an h2 element.</h2>
<a href=”If” rel=”nofollow”>www.example.com”>If this is a link to example.com and not www.nytimes.com, you’ve failed.</a>Comment preview showing the user entered comment, the resulting comment, and the help text.Now, this solution is not perfect. Mostly, it’s hinky to set up and I hate that I have to allow any HTML, even if user input is first stripped to plain text. Secondly though, it’s also a user experience problem. As you can see in the picture above, the help text says that no html is allowed and that the anchor, break, and paragraph tags are allowed.
Footnotes
1. using the core commenting facility at least. Add on tools like Disqus obviate the issue but I don’t want to go that route. I also don’t want to require (or even allow) users to register before commenting. And yes, I do require approval of comments before they are visible, but I don’t want to have to remember to add rel=nofollow in links.
2. Yes. I want to eat my cake and have it too.
3. I was put on this earth to achieve certain things. At this point I’m so far behind I’ll never die.

Barrett
Sun, 11/27/2020 – 13:18

Tags
Drupal maintenance support plans 8
Planet Drupal maintenance support plans

Add new comment

Source: New feed

This article was republished from its original source.
Call Us: 1(800)730-2416

Pixeldust is a 20-year-old web development agency specializing in Drupal and WordPress and working with clients all over the country. With our best in class capabilities, we work with small businesses and fortune 500 companies alike. Give us a call at 1(800)730-2416 and let’s talk about your project.

FREE Drupal SEO Audit

Test your site below to see which issues need to be fixed. We will fix them and optimize your Drupal site 100% for Google and Bing. (Allow 30-60 seconds to gather data.)

Powered by

DataSmith: Inconsistent nofollow handling in Drupal maintenance support plans input formats

On-Site Drupal SEO Master Setup

We make sure your site is 100% optimized (and stays that way) for the best SEO results.

With Pixeldust On-site (or On-page) SEO we make changes to your site’s structure and performance to make it easier for search engines to see and understand your site’s content. Search engines use algorithms to rank sites by degrees of relevance. Our on-site optimization ensures your site is configured to provide information in a way that meets Google and Bing standards for optimal indexing.

This service includes:

  • Pathauto install and configuration for SEO-friendly URLs.
  • Meta Tags install and configuration with dynamic tokens for meta titles and descriptions for all content types.
  • Install and fix all issues on the SEO checklist module.
  • Install and configure XML sitemap module and submit sitemaps.
  • Install and configure Google Analytics Module.
  • Install and configure Yoast.
  • Install and configure the Advanced Aggregation module to improve performance by minifying and merging CSS and JS.
  • Install and configure Schema.org Metatag.
  • Configure robots.txt.
  • Google Search Console setup snd configuration.
  • Find & Fix H1 tags.
  • Find and fix duplicate/missing meta descriptions.
  • Find and fix duplicate title tags.
  • Improve title, meta tags, and site descriptions.
  • Optimize images for better search engine optimization. Automate where possible.
  • Find and fix the missing alt and title tag for all images. Automate where possible.
  • The project takes 1 week to complete.