Hi,
One reason why spammers hit blogs comments and forums is to increase the number of links to their 'resources' so that search engines pick this up and increase the spammers rankings.
A number of search engine providers have adopted the practice of not indexing content addressed by links with the rel='nofollow' attribute. This gives blog and forum owners a weapon to stop this practice; make sure all links added by users are given the rel='nofollow' attribute automatically, so search engine spiders stop at the blog/forum page and go no further.
So, ideally, if any user adds a link to my forum, FCKeditor would automatically add the rel='nofollow' attribute.
It would also be nice if target='_blank' could be added in the same way.
No doubt, if I knew the FCKeditor source well, it would be quite straightforward to add this functionality. But I don't, so before I start crawling the depths of this wonderful but complex codebase, I was wondering if any other users had come across a similar requirement and found a way to do this?
Any thoughts much appreciated.
Thanks...
One reason why spammers hit blogs comments and forums is to increase the number of links to their 'resources' so that search engines pick this up and increase the spammers rankings.
A number of search engine providers have adopted the practice of not indexing content addressed by links with the rel='nofollow' attribute. This gives blog and forum owners a weapon to stop this practice; make sure all links added by users are given the rel='nofollow' attribute automatically, so search engine spiders stop at the blog/forum page and go no further.
So, ideally, if any user adds a link to my forum, FCKeditor would automatically add the rel='nofollow' attribute.
It would also be nice if target='_blank' could be added in the same way.
No doubt, if I knew the FCKeditor source well, it would be quite straightforward to add this functionality. But I don't, so before I start crawling the depths of this wonderful but complex codebase, I was wondering if any other users had come across a similar requirement and found a way to do this?
Any thoughts much appreciated.
Thanks...
Re: Enforce rel='nofollow' and target='_blank' for all links
If you want to protect against them you MUST sanitize the received data on the server, you can't trust that anything will be done on the client side. Not only because they could add links to their sites, but because they could inject javascript and try to do any XSS attack on your site. So not trusting the data is a must, you have to clean up the data that is received on the server, and while you are at it then you modify all the links to include those attributes that you want.
Of course, don't write the cleaning code by yourself, search for something already done and that you can configure.
Re: Enforce rel='nofollow' and target='_blank' for all links
I am most definitely sanitising the data on the server. The server framework I am using allows me to encode any incoming html/javascript/etc into a format that is both safe to store and display and I am doing all sorts of other server validation wherever there is user input.
I am also using CAPTCHAs which will defeat the majority of automated spam systems. However, there is no doubt that there are spammers out there who manually submit messages to forums. If they see that 'rel=nofollow' is in place, they are more likely not to bother.
I agree that this will not solve the spam problem. However, in this fight I believe one should try to cover all chinks in the armour, especially if it is easy to do so, as I think it should be in this case.
Check out this page to see how many major players in the blog market are taking this seriously and have already adopted this practice:
http://googleblog.blogspot.com/2005/01/ ... -spam.html
Nevertheless, as you point out, if this was implemented in FCKeditor, it would be handled clientside, and therefore a determined spammer could still bypass client validation and submit the content directly to the server. An outgoing HTTP filter on your browser which would remove all instances of the phrase 'rel=nofollow' would be quite easy to implement. Still, I think only determined spammers would do this, so there is still some value in adding 'rel=nofollow' in the client.
Re: Enforce rel='nofollow' and target='_blank' for all links
Re: Enforce rel='nofollow' and target='_blank' for all links
Thanks very much for this - I'll have a look at the Ok() function.
But I think you're right; this sort of check needs to be done on the server anyway. It is a shame because there is typically lots of spare processing power on the average user's browser to handle adding an attribute to a link, whereas on the server even a simple regexp will have a small performance hit, especially if it is a long forum post. The userbase I am working with is potentially pretty large so every little bit of processor power saved is a bonus.
Still, I think doing it server side is probably the way to go.
Thanks a lot for your replies - very useful.