Is there any reason to not use wp_allowed_protocols() here? Not sure if URLs like mailto:[email protected] being noted as nofollow ugc is flagged as problematic.

Is there any reason to not use wp_allowed_protocols() here?
I didn't use it because I wasn't aware of it's existence.

I'll update to use.

Not sure if URLs like mailto:[email protected] being noted as nofollow ugc is flagged as problematic.

I'm not an expert here so I did a bit of googling and found a few thinks on various stack exchanges stating that in general crawlers don't crawl mailto: links so nofollow wouldn't be necessary but I don't think it would harm. But, semantically maybe that means that instead of using wp_is_url_internal() to determine the rel as a binary (either ugc or ugc nofollow) a helper function such as wp_get_link_rel_attr() (or something to that effect) should be created to handle this. This function could use the wp_is_internal_link() boolean return but also add additional conditions for links with mailto: protocol (and I'll look through other protocols to see if there might be any other conditions that should be handled differently).

Looks like a mailto: link should probably be ugc if in a comment but otherwise the nofollow would be superfluous. Maybe this is an unnecessary detail though.

I don't love this filter name, but also not sure what would be better. Maybe just wp_rel_internal_hosts?

If moving to a new "core" utility function, I think wp_internal_host_urls might be more helpful. Maybe it should even be moved to it's own dedicated function? wp_internal_host_urls() which returns the filtered list only? I like writing code like this myself but didn't want to add additional new functions unless it seemed appropriate.

If moving to a new "core" utility function, I think wp_internal_host_urls might be more helpful. Maybe it should even be moved to it's own dedicated function? wp_internal_host_urls() which returns the filtered list only? I like writing code like this myself but didn't want to add additional new functions unless it seemed appropriate.

Is there any reason to not use wp_allowed_protocols() here?
I didn't use it because I wasn't aware of it's existence.

I'll update to use.

Not sure if URLs like mailto:[email protected] being noted as nofollow ugc is flagged as problematic.

I'm not an expert here so I did a bit of googling and found a few thinks on various stack exchanges stating that in general crawlers don't crawl mailto: links so nofollow wouldn't be necessary but I don't think it would harm. But, semantically maybe that means that instead of using wp_is_url_internal() to determine the rel as a binary (either ugc or ugc nofollow) a helper function such as wp_get_link_rel_attr() (or something to that effect) should be created to handle this. This function could use the wp_is_internal_link() boolean return but also add additional conditions for links with mailto: protocol (and I'll look through other protocols to see if there might be any other conditions that should be handled differently).

Looks like a mailto: link should probably be ugc if in a comment but otherwise the nofollow would be superfluous. Maybe this is an unnecessary detail though.

I wonder if this would be better as a filter called comment_is_ugc that could pass in the full $comment rather than a filter of author names. This would be more flexible for plugin authors.

Yes... but. Semantically I believe this would be the incorrect place to use a filter/function that determines if the comment itself is UGC. This function is retrieving the comment author's link (as submitted by the comment author). So in this particular area we want to know if the author's link is UGC, not whether or not the whole comment is UGC.

So... Merging this with your feedback I'd update it to

comment_author_link_is_ugc, it'll return a boolean instead of an array of usernames, and as a second param it'll receive the WP_Comment object.

The default value will be true and if the filtered value of the var is true we'll add ugc to the $rel_parts array.
What do you think about that?

I wrote the previous comment 3 hours ago and never posted. I rewrote the code and just finished writing tests and now, looking at the new code. I think this particular filter is just unnecessary.

The function get_comment_author_link() shouldn't modify the author link indiscriminately. Although its output can be filtered, it would be better to prevent link tagging for specific authors. This can be achieved by adding the following code on line 223 of wp-includes/comment-template.php:

• https://core.trac.wordpress.org/ticket/53290

At the writing of this comment the only available filter is on the full HTML of the anchor via get_comment_author_link

With this PR (and updates from feedback) there will be a new filter specifically on the rel attributes as an array before being composed into the HTML anchor.

If a developer desires to use comment_author_link_rel to make a specific user automatically not ugc, it can be done so there quite easily. I don't see the need to add two filters here, one to build an allowlist of sorts and another to modify the rel attributes directly.

Incoming PR update applies UGC automatically and can be removed via comment_author_link_rel.

This might just be me, but I think this might be better off filtering the $rel_parts since an array can be a little easier to work with than modifying a string.

I do think that $comment should be the first thing passed in as that contains the most information and then the other parameters used here should follow

With regards to $rel vs $rel_parts I think I basically copied from make_clickable_rel:

I'd agree with you in general but was hesitant in case there was a good reason to follow this code. It probably doesn't constitute a common pattern that I should be bound to follow though. I'm just not intimately familiar with as much core code as regular contributors probably are.

Anyway, I'll update it since it's a new filter and it certainly is easier to work with the parts.

As par as the args, it's probably not even really necessary to pass anything other than the comment object, right?

So:

$rel_parts = apply_filters( '...', $rel_parts, $comment );

Where $rel_part is the array of parts to be imploded into the rel string and $comment is the WP_Comment object from get_comment().

minor: I think a longer description that explains a bit about what "internal" means could be helfpul.

I would love to see some tests specific to this new function.

A few specific scenarios:

• Making sure that HTTP and https versions of a URL both work when home_url is https
• Making sure that the filter correctly adds/removes domains

I plucked this file from another PR that I got side tracked with when I started working on this. I also plucked a bit of code from that PR on the function get_comment_author_link() to prevent the notices thrown.

See trac https://core.trac.wordpress.org/ticket/57615 and #3980

I realize this now has conflicting code in two semi-related PRs, I can pluck the code out of the other PR or merge it all together but I wanted to keep this PR smaller. But... I also had to add a new tests file to test the changes in the function in this PR... well you know

hey @aaronjorbin this change will result in a double space when the rel attribute is present and an unnecessary space before the closing bracket when the attr is not present since the space is included in the $rel_attr var on line 3180

Thanks. I fixed that up

This doesn't seem to be getting used anywhere right now

oh shoot yes... sorry I wrote it and then thought better of it and neglected to remove. Updating right now.