Ticket #1181 (closed defect: fixed)

Opened 3 years ago

Last modified 3 years ago

Link spam vulnerability in Notes and User-About fields

Reported by: dread Owned by: dread
Priority: blocker Milestone:
Component: ckan Keywords:
Cc: Repository: ckan
Theme: none

Description (last modified by dread) (diff)

When viewing a user and a package, the about/notes fields contain Markdown, which may have links. These should have rel="nofollow" to discourage link spam.

Change History

comment:1 Changed 3 years ago by dread

  • Description modified (diff)
  • Summary changed from Link spam vulnerability in User-About field to Link spam vulnerability in Notes and User-About fields

comment:2 Changed 3 years ago by dread

  • Status changed from new to closed
  • Resolution set to fixed

Fixed in ckan default in cset:72f7d48d7f31. Have left Package url and Resource url links though, as these are the key links we want google to see. So we need to check these carefully for spam.

Note: See TracTickets for help on using tickets.