From d5f0d44d4ddf33db2248ef0bdd44633d57c31683 Mon Sep 17 00:00:00 2001
From: Cash Costello <cash.costello@gmail.com>
Date: Sat, 8 Oct 2011 08:22:08 -0400
Subject: Fixes #3411 output/url now has a is_trusted parameter - defaults to
 false

---
 engine/classes/ElggMenuItem.php                    |  4 +++
 mod/blog/views/default/blog/group_module.php       |  2 ++
 mod/blog/views/default/blog/sidebar/revisions.php  |  6 ++--
 mod/blog/views/default/object/blog.php             |  2 ++
 mod/blog/views/default/widgets/blog/content.php    |  1 +
 .../views/default/bookmarks/group_module.php       |  2 ++
 mod/bookmarks/views/default/object/bookmarks.php   |  9 +++---
 .../views/default/widgets/bookmarks/content.php    |  1 +
 .../views/default/theme_preview/general.php        |  1 +
 .../admin/develop_utilities/diagnostics.php        |  1 +
 mod/file/views/default/file/group_module.php       |  2 ++
 mod/file/views/default/icon/object/file.php        |  1 +
 mod/file/views/default/object/file.php             |  2 ++
 .../views/default/widgets/filerepo/content.php     |  1 +
 .../views/default/discussion/group_module.php      |  2 ++
 .../views/default/groups/invitationrequests.php    |  2 ++
 .../views/default/groups/membershiprequests.php    |  2 ++
 .../default/groups/profile/activity_module.php     |  1 +
 .../views/default/groups/profile/summary.php       |  1 +
 .../views/default/groups/sidebar/members.php       |  1 +
 .../views/default/object/groupforumtopic.php       |  2 ++
 .../default/widgets/a_users_groups/content.php     |  1 +
 mod/likes/views/default/annotation/likes.php       |  1 +
 mod/likes/views/default/likes/button.php           |  2 ++
 mod/logbrowser/views/default/logbrowser/table.php  |  9 ++++--
 .../views/default/widgets/messageboard/content.php |  1 +
 mod/messages/views/default/object/messages.php     |  3 ++
 mod/pages/views/default/annotation/page.php        |  2 ++
 mod/pages/views/default/object/page_top.php        |  2 ++
 mod/pages/views/default/pages/group_module.php     |  2 ++
 mod/pages/views/default/widgets/pages/content.php  |  1 +
 .../views/default/object/reported_content.php      |  8 ++++--
 mod/thewire/views/default/object/thewire.php       |  1 +
 .../views/default/river/object/thewire/create.php  |  2 ++
 .../views/default/thewire/profile_status.php       |  1 +
 .../views/default/widgets/thewire/content.php      |  1 +
 .../forms/twitter_api/interstitial_settings.php    |  1 +
 .../forms/uservalidationbyemail/bulk_action.php    | 21 ++++++++------
 views/default/admin/appearance/default_widgets.php |  1 +
 .../admin/appearance/profile_fields/list.php       |  3 +-
 views/default/admin/header.php                     |  2 ++
 views/default/icon/default.php                     |  1 +
 views/default/icon/user/default.php                |  1 +
 views/default/navigation/breadcrumbs.php           |  1 +
 views/default/navigation/menu/user_hover.php       |  1 +
 views/default/navigation/pagination.php            |  2 ++
 views/default/navigation/tabs.php                  |  6 +++-
 views/default/object/admin_notice.php              |  3 +-
 views/default/object/default.php                   |  1 +
 views/default/object/elements/summary.php          |  1 +
 views/default/object/plugin/advanced.php           | 33 +++++++++++++---------
 views/default/object/plugin/simple.php             |  3 +-
 views/default/object/widget/elements/controls.php  |  1 +
 views/default/output/tag.php                       |  6 +++-
 views/default/output/url.php                       | 15 ++++++++--
 views/default/page/elements/footer.php             |  1 +
 views/default/page/elements/tagcloud_block.php     |  1 +
 views/default/page/layouts/widgets/add_button.php  |  1 +
 views/default/river/elements/body.php              |  2 ++
 views/default/river/elements/responses.php         |  1 +
 views/default/river/elements/summary.php           |  3 ++
 .../river/user/default/profileiconupdate.php       |  1 +
 views/default/river/user/default/profileupdate.php |  1 +
 views/default/widgets/content_stats/content.php    |  1 +
 64 files changed, 157 insertions(+), 41 deletions(-)

diff --git a/engine/classes/ElggMenuItem.php b/engine/classes/ElggMenuItem.php
index b9c81fd78..8ddb1ecd8 100644
--- a/engine/classes/ElggMenuItem.php
+++ b/engine/classes/ElggMenuItem.php
@@ -549,6 +549,10 @@ class ElggMenuItem {
 			}
 		}
 
+		if (!isset($vars['rel']) && !isset($vars['is_trusted'])) {
+			$vars['is_trusted'] = true;
+		}
+
 		if ($this->confirm) {
 			$vars['confirm'] = $this->confirm;
 			return elgg_view('output/confirmlink', $vars);
diff --git a/mod/blog/views/default/blog/group_module.php b/mod/blog/views/default/blog/group_module.php
index d769fbd59..028827178 100644
--- a/mod/blog/views/default/blog/group_module.php
+++ b/mod/blog/views/default/blog/group_module.php
@@ -12,6 +12,7 @@ if ($group->blog_enable == "no") {
 $all_link = elgg_view('output/url', array(
 	'href' => "blog/group/$group->guid/all",
 	'text' => elgg_echo('link:view:all'),
+	'is_trusted' => true,
 ));
 
 elgg_push_context('widgets');
@@ -33,6 +34,7 @@ if (!$content) {
 $new_link = elgg_view('output/url', array(
 	'href' => "blog/add/$group->guid",
 	'text' => elgg_echo('blog:write'),
+	'is_trusted' => true,
 ));
 
 echo elgg_view('groups/profile/module', array(
diff --git a/mod/blog/views/default/blog/sidebar/revisions.php b/mod/blog/views/default/blog/sidebar/revisions.php
index c23b3b052..cd2e7f3d8 100644
--- a/mod/blog/views/default/blog/sidebar/revisions.php
+++ b/mod/blog/views/default/blog/sidebar/revisions.php
@@ -39,7 +39,8 @@ if (elgg_instanceof($blog, 'object', 'blog') && $blog->canEdit()) {
 		if ($blog->status == 'published') {
 			$load = elgg_view('output/url', array(
 				'href' => $load_base_url,
-				'text' => elgg_echo('blog:status:published')
+				'text' => elgg_echo('blog:status:published'),
+				'is_trusted' => true,
 			));
 
 			$time = "<span class='elgg-subtext'>"
@@ -59,7 +60,8 @@ if (elgg_instanceof($blog, 'object', 'blog') && $blog->canEdit()) {
 			}
 			$load = elgg_view('output/url', array(
 				'href' => "$load_base_url/$revision->id",
-				'text' => $revision_lang
+				'text' => $revision_lang,
+				'is_trusted' => true,
 			));
 
 			$text = "$load: $time";
diff --git a/mod/blog/views/default/object/blog.php b/mod/blog/views/default/object/blog.php
index ba08180b1..ab75bd09b 100644
--- a/mod/blog/views/default/object/blog.php
+++ b/mod/blog/views/default/object/blog.php
@@ -21,6 +21,7 @@ $owner_icon = elgg_view_entity_icon($owner, 'tiny');
 $owner_link = elgg_view('output/url', array(
 	'href' => "blog/owner/$owner->username",
 	'text' => $owner->name,
+	'is_trusted' => true,
 ));
 $author_text = elgg_echo('byline', array($owner_link));
 $tags = elgg_view('output/tags', array('tags' => $blog->tags));
@@ -35,6 +36,7 @@ if ($blog->comments_on != 'Off') {
 		$comments_link = elgg_view('output/url', array(
 			'href' => $blog->getURL() . '#blog-comments',
 			'text' => $text,
+			'is_trusted' => true,
 		));
 	} else {
 		$comments_link = '';
diff --git a/mod/blog/views/default/widgets/blog/content.php b/mod/blog/views/default/widgets/blog/content.php
index 7bbfc3c74..330171662 100644
--- a/mod/blog/views/default/widgets/blog/content.php
+++ b/mod/blog/views/default/widgets/blog/content.php
@@ -22,6 +22,7 @@ if ($content) {
 	$more_link = elgg_view('output/url', array(
 		'href' => $blog_url,
 		'text' => elgg_echo('blog:moreblogs'),
+		'is_trusted' => true,
 	));
 	echo "<span class=\"elgg-widget-more\">$more_link</span>";
 } else {
diff --git a/mod/bookmarks/views/default/bookmarks/group_module.php b/mod/bookmarks/views/default/bookmarks/group_module.php
index 3797de010..60a727819 100644
--- a/mod/bookmarks/views/default/bookmarks/group_module.php
+++ b/mod/bookmarks/views/default/bookmarks/group_module.php
@@ -14,6 +14,7 @@ if ($group->bookmarks_enable == "no") {
 $all_link = elgg_view('output/url', array(
 	'href' => "bookmarks/group/$group->guid/all",
 	'text' => elgg_echo('link:view:all'),
+	'is_trusted' => true,
 ));
 
 elgg_push_context('widgets');
@@ -35,6 +36,7 @@ if (!$content) {
 $new_link = elgg_view('output/url', array(
 	'href' => "bookmarks/add/$group->guid",
 	'text' => elgg_echo('bookmarks:add'),
+	'is_trusted' => true,
 ));
 
 echo elgg_view('groups/profile/module', array(
diff --git a/mod/bookmarks/views/default/object/bookmarks.php b/mod/bookmarks/views/default/object/bookmarks.php
index ca1f5d312..784263232 100644
--- a/mod/bookmarks/views/default/object/bookmarks.php
+++ b/mod/bookmarks/views/default/object/bookmarks.php
@@ -17,12 +17,13 @@ $owner_icon = elgg_view_entity_icon($owner, 'tiny');
 $container = $bookmark->getContainerEntity();
 $categories = elgg_view('output/categories', $vars);
 
-$link = filter_tags(elgg_view('output/url', array('href' => $bookmark->address, 'rel' => 'nofollow')));
+$link = elgg_view('output/url', array('href' => $bookmark->address));
 $description = elgg_view('output/longtext', array('value' => $bookmark->description, 'class' => 'pbl'));
 
 $owner_link = elgg_view('output/url', array(
 	'href' => "bookmarks/owner/$owner->username",
 	'text' => $owner->name,
+	'is_trusted' => true,
 ));
 $author_text = elgg_echo('byline', array($owner_link));
 
@@ -36,6 +37,7 @@ if ($comments_count != 0) {
 	$comments_link = elgg_view('output/url', array(
 		'href' => $bookmark->getURL() . '#comments',
 		'text' => $text,
+		'is_trusted' => true,
 	));
 } else {
 	$comments_link = '';
@@ -104,11 +106,10 @@ HTML;
 		}
 	}
 
-	$link = filter_tags(elgg_view('output/url', array(
+	$link = elgg_view('output/url', array(
 		'href' => $bookmark->address,
 		'text' => $display_text,
-		'rel' => 'nofollow',
-	)));
+	));
 
 	$content = elgg_view_icon('push-pin-alt') . "$link{$excerpt}";
 
diff --git a/mod/bookmarks/views/default/widgets/bookmarks/content.php b/mod/bookmarks/views/default/widgets/bookmarks/content.php
index ea7816345..0b85017fc 100644
--- a/mod/bookmarks/views/default/widgets/bookmarks/content.php
+++ b/mod/bookmarks/views/default/widgets/bookmarks/content.php
@@ -24,6 +24,7 @@ if ($content) {
 	$more_link = elgg_view('output/url', array(
 		'href' => $url,
 		'text' => elgg_echo('bookmarks:more'),
+		'is_trusted' => true,
 	));
 	echo "<span class=\"elgg-widget-more\">$more_link</span>";
 } else {
diff --git a/mod/developers/views/default/theme_preview/general.php b/mod/developers/views/default/theme_preview/general.php
index 1a0b54c88..35d8ccbfd 100644
--- a/mod/developers/views/default/theme_preview/general.php
+++ b/mod/developers/views/default/theme_preview/general.php
@@ -17,6 +17,7 @@
 		'text' => elgg_echo('theme_preview:breakout'),
 		'href' => current_page_url(),
 		'target' => '_parent',
+		'is_trusted' => true,
 	));
 ?>
 </p>
diff --git a/mod/diagnostics/views/default/admin/develop_utilities/diagnostics.php b/mod/diagnostics/views/default/admin/develop_utilities/diagnostics.php
index 76f12b0ae..b41907da2 100644
--- a/mod/diagnostics/views/default/admin/develop_utilities/diagnostics.php
+++ b/mod/diagnostics/views/default/admin/develop_utilities/diagnostics.php
@@ -18,6 +18,7 @@ if (elgg_get_config('debug')) {
 		'text' => elgg_echo('diagnostics:test:executeall'),
 		'href' => 'engine/tests/suite.php',
 		'class' => 'elgg-button elgg-button-submit',
+		'is_trusted' => true,
 	);
 	$unit_tests .= '<p>' . elgg_view('output/url', $params) . '</p>';
 } else {
diff --git a/mod/file/views/default/file/group_module.php b/mod/file/views/default/file/group_module.php
index c37b13927..ad6c58dbb 100644
--- a/mod/file/views/default/file/group_module.php
+++ b/mod/file/views/default/file/group_module.php
@@ -12,6 +12,7 @@ if ($group->file_enable == "no") {
 $all_link = elgg_view('output/url', array(
 	'href' => "file/group/$group->guid/all",
 	'text' => elgg_echo('link:view:all'),
+	'is_trusted' => true,
 ));
 
 elgg_push_context('widgets');
@@ -33,6 +34,7 @@ if (!$content) {
 $new_link = elgg_view('output/url', array(
 	'href' => "file/add/$group->guid",
 	'text' => elgg_echo('file:add'),
+	'is_trusted' => true,
 ));
 
 echo elgg_view('groups/profile/module', array(
diff --git a/mod/file/views/default/icon/object/file.php b/mod/file/views/default/icon/object/file.php
index 7feba7af3..ff729da94 100644
--- a/mod/file/views/default/icon/object/file.php
+++ b/mod/file/views/default/icon/object/file.php
@@ -36,6 +36,7 @@ if ($url) {
 	$params = array(
 		'href' => $url,
 		'text' => $img,
+		'is_trusted' => true,
 	);
 	if (isset($vars['link_class'])) {
 		$params['class'] = $vars['link_class'];
diff --git a/mod/file/views/default/object/file.php b/mod/file/views/default/object/file.php
index 95e190d35..fbd585b8a 100644
--- a/mod/file/views/default/object/file.php
+++ b/mod/file/views/default/object/file.php
@@ -24,6 +24,7 @@ $body = elgg_view('output/longtext', array('value' => $file->description));
 $owner_link = elgg_view('output/url', array(
 	'href' => "file/owner/$owner->username",
 	'text' => $owner->name,
+	'is_trusted' => true,
 ));
 $author_text = elgg_echo('byline', array($owner_link));
 
@@ -39,6 +40,7 @@ if ($comments_count != 0) {
 	$comments_link = elgg_view('output/url', array(
 		'href' => $file->getURL() . '#file-comments',
 		'text' => $text,
+		'is_trusted' => true,
 	));
 } else {
 	$comments_link = '';
diff --git a/mod/file/views/default/widgets/filerepo/content.php b/mod/file/views/default/widgets/filerepo/content.php
index 4288b9e56..f3e152de3 100644
--- a/mod/file/views/default/widgets/filerepo/content.php
+++ b/mod/file/views/default/widgets/filerepo/content.php
@@ -25,6 +25,7 @@ if ($content) {
 	$more_link = elgg_view('output/url', array(
 		'href' => $url,
 		'text' => elgg_echo('file:more'),
+		'is_trusted' => true,
 	));
 	echo "<span class=\"elgg-widget-more\">$more_link</span>";
 } else {
diff --git a/mod/groups/views/default/discussion/group_module.php b/mod/groups/views/default/discussion/group_module.php
index 3a46e336e..3c9961f82 100644
--- a/mod/groups/views/default/discussion/group_module.php
+++ b/mod/groups/views/default/discussion/group_module.php
@@ -15,6 +15,7 @@ $group = $vars['entity'];
 $all_link = elgg_view('output/url', array(
 	'href' => "discussion/owner/$group->guid",
 	'text' => elgg_echo('link:view:all'),
+	'is_trusted' => true,
 ));
 
 elgg_push_context('widgets');
@@ -36,6 +37,7 @@ if (!$content) {
 $new_link = elgg_view('output/url', array(
 	'href' => "discussion/add/" . $group->getGUID(),
 	'text' => elgg_echo('groups:addtopic'),
+	'is_trusted' => true,
 ));
 
 echo elgg_view('groups/profile/module', array(
diff --git a/mod/groups/views/default/groups/invitationrequests.php b/mod/groups/views/default/groups/invitationrequests.php
index 9c2df8b9c..e644b6bdc 100644
--- a/mod/groups/views/default/groups/invitationrequests.php
+++ b/mod/groups/views/default/groups/invitationrequests.php
@@ -15,6 +15,7 @@ if (!empty($vars['invitations']) && is_array($vars['invitations'])) {
 			$group_title = elgg_view('output/url', array(
 				'href' => $group->getURL(),
 				'text' => $group->name,
+				'is_trusted' => true,
 			));
 
 			$url = elgg_add_action_tokens_to_url(elgg_get_site_url()."action/groups/join?user_guid={$user->guid}&group_guid={$group->guid}");
@@ -22,6 +23,7 @@ if (!empty($vars['invitations']) && is_array($vars['invitations'])) {
 				'href' => $url,
 				'text' => elgg_echo('accept'),
 				'class' => 'elgg-button elgg-button-submit',
+				'is_trusted' => true,
 			));
 
 			$url = "action/groups/killinvitation?user_guid={$user->getGUID()}&group_guid={$group->getGUID()}";
diff --git a/mod/groups/views/default/groups/membershiprequests.php b/mod/groups/views/default/groups/membershiprequests.php
index 7f33b83e0..489d6f5e3 100644
--- a/mod/groups/views/default/groups/membershiprequests.php
+++ b/mod/groups/views/default/groups/membershiprequests.php
@@ -16,6 +16,7 @@ if (!empty($vars['requests']) && is_array($vars['requests'])) {
 			$user_title = elgg_view('output/url', array(
 				'href' => $user->getURL(),
 				'text' => $user->name,
+				'is_trusted' => true,
 			));
 
 			$url = "action/groups/addtogroup?user_guid={$user->guid}&group_guid={$vars['entity']->guid}";
@@ -24,6 +25,7 @@ if (!empty($vars['requests']) && is_array($vars['requests'])) {
 				'href' => $url,
 				'text' => elgg_echo('accept'),
 				'class' => 'elgg-button elgg-button-submit',
+				'is_trusted' => true,
 			));
 
 			$url = 'action/groups/killrequest?user_guid=' . $user->guid . '&group_guid=' . $vars['entity']->guid;
diff --git a/mod/groups/views/default/groups/profile/activity_module.php b/mod/groups/views/default/groups/profile/activity_module.php
index 5e557b443..832ff4a4b 100644
--- a/mod/groups/views/default/groups/profile/activity_module.php
+++ b/mod/groups/views/default/groups/profile/activity_module.php
@@ -19,6 +19,7 @@ if (!$group) {
 $all_link = elgg_view('output/url', array(
 	'href' => "groups/activity/$group->guid",
 	'text' => elgg_echo('link:view:all'),
+	'is_trusted' => true,
 ));
 
 
diff --git a/mod/groups/views/default/groups/profile/summary.php b/mod/groups/views/default/groups/profile/summary.php
index b7ae51070..54abcb1e5 100644
--- a/mod/groups/views/default/groups/profile/summary.php
+++ b/mod/groups/views/default/groups/profile/summary.php
@@ -28,6 +28,7 @@ $owner = $group->getOwnerEntity();
 					echo elgg_view('output/url', array(
 						'text' => $owner->name,
 						'value' => $owner->getURL(),
+						'is_trusted' => true,
 					));
 				?>
 			</p>
diff --git a/mod/groups/views/default/groups/sidebar/members.php b/mod/groups/views/default/groups/sidebar/members.php
index 7249ffbf4..49f14697c 100644
--- a/mod/groups/views/default/groups/sidebar/members.php
+++ b/mod/groups/views/default/groups/sidebar/members.php
@@ -13,6 +13,7 @@ $limit = elgg_extract('limit', $vars, 10);
 $all_link = elgg_view('output/url', array(
 	'href' => 'groups/members/' . $vars['entity']->guid,
 	'text' => elgg_echo('groups:members:more'),
+	'is_trusted' => true,
 ));
 
 $body = elgg_list_entities_from_relationship(array(
diff --git a/mod/groups/views/default/object/groupforumtopic.php b/mod/groups/views/default/object/groupforumtopic.php
index 22589b84d..f3d5f96d5 100644
--- a/mod/groups/views/default/object/groupforumtopic.php
+++ b/mod/groups/views/default/object/groupforumtopic.php
@@ -20,6 +20,7 @@ $poster_icon = elgg_view_entity_icon($poster, 'tiny');
 $poster_link = elgg_view('output/url', array(
 	'href' => $poster->getURL(),
 	'text' => $poster->name,
+	'is_trusted' => true,
 ));
 $poster_text = elgg_echo('groups:started', array($poster->name));
 
@@ -42,6 +43,7 @@ if ($num_replies != 0) {
 	$replies_link = elgg_view('output/url', array(
 		'href' => $topic->getURL() . '#group-replies',
 		'text' => elgg_echo('group:replies') . " ($num_replies)",
+		'is_trusted' => true,
 	));
 }
 
diff --git a/mod/groups/views/default/widgets/a_users_groups/content.php b/mod/groups/views/default/widgets/a_users_groups/content.php
index 114fd7565..fe1a46e39 100644
--- a/mod/groups/views/default/widgets/a_users_groups/content.php
+++ b/mod/groups/views/default/widgets/a_users_groups/content.php
@@ -25,6 +25,7 @@ if ($content) {
 	$more_link = elgg_view('output/url', array(
 		'href' => $url,
 		'text' => elgg_echo('groups:more'),
+		'is_trusted' => true,
 	));
 	echo "<span class=\"elgg-widget-more\">$more_link</span>";
 } else {
diff --git a/mod/likes/views/default/annotation/likes.php b/mod/likes/views/default/annotation/likes.php
index 2dd01b6cd..314d0790d 100644
--- a/mod/likes/views/default/annotation/likes.php
+++ b/mod/likes/views/default/annotation/likes.php
@@ -20,6 +20,7 @@ $user_icon = elgg_view_entity_icon($user, 'tiny');
 $user_link = elgg_view('output/url', array(
 	'href' => $user->getURL(),
 	'text' => $user->name,
+	'is_trusted' => true,
 ));
 
 $likes_string = elgg_echo('likes:this');
diff --git a/mod/likes/views/default/likes/button.php b/mod/likes/views/default/likes/button.php
index 383e1bb63..3f2f073cc 100644
--- a/mod/likes/views/default/likes/button.php
+++ b/mod/likes/views/default/likes/button.php
@@ -20,6 +20,7 @@ if (elgg_is_logged_in() && $vars['entity']->canAnnotate(0, 'likes')) {
 			'text' => elgg_view_icon('thumbs-up'),
 			'title' => elgg_echo('likes:likethis'),
 			'is_action' => true,
+			'is_trusted' => true,
 		);
 		$likes_button = elgg_view('output/url', $params);
 	} else {
@@ -34,6 +35,7 @@ if (elgg_is_logged_in() && $vars['entity']->canAnnotate(0, 'likes')) {
 			'text' => elgg_view_icon('thumbs-up-alt'),
 			'title' => elgg_echo('likes:remove'),
 			'is_action' => true,
+			'is_trusted' => true,
 		);
 		$likes_button = elgg_view('output/url', $params);
 	}
diff --git a/mod/logbrowser/views/default/logbrowser/table.php b/mod/logbrowser/views/default/logbrowser/table.php
index 86c8a1423..b7f6a1f20 100644
--- a/mod/logbrowser/views/default/logbrowser/table.php
+++ b/mod/logbrowser/views/default/logbrowser/table.php
@@ -24,11 +24,13 @@ $log_entries = $vars['log_entries'];
 		if ($user) {
 			$user_link = elgg_view('output/url', array(
 				'href' => $user->getURL(),
-				'text' => $user->name
+				'text' => $user->name,
+				'is_trusted' => true,
 			));
 			$user_guid_link = elgg_view('output/url', array(
 				'href' => "admin/overview/logbrowser?user_guid=$user->guid",
-				'text' => $user->getGUID()
+				'text' => $user->getGUID(),
+				'is_trusted' => true,
 			));
 		} else {
 			$user_guid_link = $user_link = '&nbsp;';
@@ -38,7 +40,8 @@ $log_entries = $vars['log_entries'];
 		if (is_callable(array($object, 'getURL'))) {
 			$object_link = elgg_view('output/url', array(
 				'href' => $object->getURL(),
-				'text' => $entry->object_class
+				'text' => $entry->object_class,
+				'is_trusted' => true,
 			));
 		} else {
 			$object_link = $entry->object_class;
diff --git a/mod/messageboard/views/default/widgets/messageboard/content.php b/mod/messageboard/views/default/widgets/messageboard/content.php
index 63f389e6a..35954e7a3 100644
--- a/mod/messageboard/views/default/widgets/messageboard/content.php
+++ b/mod/messageboard/views/default/widgets/messageboard/content.php
@@ -31,4 +31,5 @@ if ($owner instanceof ElggGroup) {
 echo elgg_view('output/url', array(
 	'href' => $url,
 	'text' => elgg_echo('messageboard:viewall'),
+	'is_trusted' => true,
 ));
\ No newline at end of file
diff --git a/mod/messages/views/default/object/messages.php b/mod/messages/views/default/object/messages.php
index b6f9ed6d5..8c840dd57 100644
--- a/mod/messages/views/default/object/messages.php
+++ b/mod/messages/views/default/object/messages.php
@@ -24,6 +24,7 @@ if ($message->toId == elgg_get_page_owner_guid()) {
 		$user_link = elgg_view('output/url', array(
 			'href' => "messages/compose?send_to=$user->guid",
 			'text' => $user->name,
+			'is_trusted' => true,
 		));
 	} else {
 		$icon = '';
@@ -45,6 +46,7 @@ if ($message->toId == elgg_get_page_owner_guid()) {
 		$user_link = elgg_view('output/url', array(
 			'href' => "messages/compose?send_to=$user->guid",
 			'text' => elgg_echo('messages:to_user', array($user->name)),
+			'is_trusted' => true,
 		));
 	} else {
 		$icon = '';
@@ -63,6 +65,7 @@ if (!$full) {
 $subject_info .= elgg_view('output/url', array(
 	'href' => $message->getURL(),
 	'text' => $message->title,
+	'is_trusted' => true,
 ));
 
 $delete_link = elgg_view("output/confirmlink", array(
diff --git a/mod/pages/views/default/annotation/page.php b/mod/pages/views/default/annotation/page.php
index f7a7a78a1..a621b9281 100644
--- a/mod/pages/views/default/annotation/page.php
+++ b/mod/pages/views/default/annotation/page.php
@@ -21,6 +21,7 @@ if (!$owner) {
 $owner_link = elgg_view('output/url', array(
 	'href' => $owner->getURL(),
 	'text' => $owner->name,
+	'is_trusted' => true,
 ));
 
 $date = elgg_view_friendly_time($annotation->time_created);
@@ -28,6 +29,7 @@ $date = elgg_view_friendly_time($annotation->time_created);
 $title_link = elgg_view('output/url', array(
 	'href' => $annotation->getURL(),
 	'text' => $page->title,
+	'is_trusted' => true,
 ));
 
 $subtitle = elgg_echo('pages:revision:subtitle', array($date, $owner_link));
diff --git a/mod/pages/views/default/object/page_top.php b/mod/pages/views/default/object/page_top.php
index 8ba9fc298..0f7b51a0e 100644
--- a/mod/pages/views/default/object/page_top.php
+++ b/mod/pages/views/default/object/page_top.php
@@ -40,6 +40,7 @@ $editor = get_entity($annotation->owner_guid);
 $editor_link = elgg_view('output/url', array(
 	'href' => "pages/owner/$editor->username",
 	'text' => $editor->name,
+	'is_trusted' => true,
 ));
 
 $date = elgg_view_friendly_time($annotation->time_created);
@@ -53,6 +54,7 @@ if ($comments_count != 0 && !$revision) {
 	$comments_link = elgg_view('output/url', array(
 		'href' => $page->getURL() . '#page-comments',
 		'text' => $text,
+		'is_trusted' => true,
 	));
 } else {
 	$comments_link = '';
diff --git a/mod/pages/views/default/pages/group_module.php b/mod/pages/views/default/pages/group_module.php
index 7e2656ca3..0d7df96ac 100644
--- a/mod/pages/views/default/pages/group_module.php
+++ b/mod/pages/views/default/pages/group_module.php
@@ -15,6 +15,7 @@ if ($group->pages_enable == "no") {
 $all_link = elgg_view('output/url', array(
 	'href' => "pages/group/$group->guid/all",
 	'text' => elgg_echo('link:view:all'),
+	'is_trusted' => true,
 ));
 
 
@@ -37,6 +38,7 @@ if (!$content) {
 $new_link = elgg_view('output/url', array(
 	'href' => "pages/add/$group->guid",
 	'text' => elgg_echo('pages:add'),
+	'is_trusted' => true,
 ));
 
 echo elgg_view('groups/profile/module', array(
diff --git a/mod/pages/views/default/widgets/pages/content.php b/mod/pages/views/default/widgets/pages/content.php
index 3ae0b8454..f63777c09 100644
--- a/mod/pages/views/default/widgets/pages/content.php
+++ b/mod/pages/views/default/widgets/pages/content.php
@@ -24,6 +24,7 @@ if ($content) {
 	$more_link = elgg_view('output/url', array(
 		'href' => $url,
 		'text' => elgg_echo('pages:more'),
+		'is_trusted' => true,
 	));
 	echo "<span class=\"elgg-widget-more\">$more_link</span>";
 } else {
diff --git a/mod/reportedcontent/views/default/object/reported_content.php b/mod/reportedcontent/views/default/object/reported_content.php
index 6bcbf6e5d..0e733e154 100644
--- a/mod/reportedcontent/views/default/object/reported_content.php
+++ b/mod/reportedcontent/views/default/object/reported_content.php
@@ -29,6 +29,7 @@ if ($report->state == 'archived') {
 			'href' => $archive_url,
 			'text' => elgg_echo('reportedcontent:archive'),
 			'is_action' => true,
+			'is_trusted' => true,
 			'class' => 'elgg-button elgg-button-action',
 		);
 		echo elgg_view('output/url', $params);
@@ -37,6 +38,7 @@ if ($report->state == 'archived') {
 		'href' => $delete_url,
 		'text' => elgg_echo('reportedcontent:delete'),
 		'is_action' => true,
+		'is_trusted' => true,
 		'class' => 'elgg-button elgg-button-action',
 	);
 	echo elgg_view('output/url', $params);
@@ -46,7 +48,8 @@ if ($report->state == 'archived') {
 			<b><?php echo elgg_echo('reportedcontent:by'); ?>:</b>
 			<?php echo elgg_view('output/url', array(
 				'href' => $reporter->getURL(),
-				'text' => $reporter->name
+				'text' => $reporter->name,
+				'is_trusted' => true,
 			));
 			?>,
 			<?php echo elgg_view_friendly_time($report->time_created); ?>
@@ -68,7 +71,8 @@ if ($report->state == 'archived') {
 			<b><?php echo elgg_echo('reportedcontent:objecturl'); ?>:</b>
 			<?php echo elgg_view('output/url', array(
 				'href' => $report->address,
-				'text' => elgg_echo('reportedcontent:visit')
+				'text' => elgg_echo('reportedcontent:visit'),
+				'is_trusted' => true,
 			));
 			?>
 		</p>
diff --git a/mod/thewire/views/default/object/thewire.php b/mod/thewire/views/default/object/thewire.php
index 2727df60d..134c87243 100644
--- a/mod/thewire/views/default/object/thewire.php
+++ b/mod/thewire/views/default/object/thewire.php
@@ -26,6 +26,7 @@ $owner_icon = elgg_view_entity_icon($owner, 'tiny');
 $owner_link = elgg_view('output/url', array(
 	'href' => "thewire/owner/$owner->username",
 	'text' => $owner->name,
+	'is_trusted' => true,
 ));
 $author_text = elgg_echo('byline', array($owner_link));
 $date = elgg_view_friendly_time($post->time_created);
diff --git a/mod/thewire/views/default/river/object/thewire/create.php b/mod/thewire/views/default/river/object/thewire/create.php
index c3c434858..fbf592664 100644
--- a/mod/thewire/views/default/river/object/thewire/create.php
+++ b/mod/thewire/views/default/river/object/thewire/create.php
@@ -12,12 +12,14 @@ $subject_link = elgg_view('output/url', array(
 	'href' => $subject->getURL(),
 	'text' => $subject->name,
 	'class' => 'elgg-river-subject',
+	'is_trusted' => true,
 ));
 
 $object_link = elgg_view('output/url', array(
 	'href' => "thewire/owner/$subject->username",
 	'text' => elgg_echo('thewire:wire'),
 	'class' => 'elgg-river-object',
+	'is_trusted' => true,
 ));
 
 $summary = elgg_echo("river:create:object:thewire", array($subject_link, $object_link));
diff --git a/mod/thewire/views/default/thewire/profile_status.php b/mod/thewire/views/default/thewire/profile_status.php
index 6ab47bccb..ab20b5341 100644
--- a/mod/thewire/views/default/thewire/profile_status.php
+++ b/mod/thewire/views/default/thewire/profile_status.php
@@ -28,6 +28,7 @@ if ($latest_wire && count($latest_wire) > 0) {
 			'text' => elgg_echo('thewire:update'),
 			'href' => $url_to_wire,
 			'class' => 'elgg-button elgg-button-action right',
+			'is_trusted' => true,
 		));
 	}
 
diff --git a/mod/thewire/views/default/widgets/thewire/content.php b/mod/thewire/views/default/widgets/thewire/content.php
index 835a328b0..7212d4397 100644
--- a/mod/thewire/views/default/widgets/thewire/content.php
+++ b/mod/thewire/views/default/widgets/thewire/content.php
@@ -22,6 +22,7 @@ if ($content) {
 	$more_link = elgg_view('output/url', array(
 		'href' => $owner_url,
 		'text' => elgg_echo('thewire:moreposts'),
+		'is_trusted' => true,
 	));
 	echo "<span class=\"elgg-widget-more\">$more_link</span>";
 } else {
diff --git a/mod/twitter_api/views/default/forms/twitter_api/interstitial_settings.php b/mod/twitter_api/views/default/forms/twitter_api/interstitial_settings.php
index fdeafd46d..2592013c6 100644
--- a/mod/twitter_api/views/default/forms/twitter_api/interstitial_settings.php
+++ b/mod/twitter_api/views/default/forms/twitter_api/interstitial_settings.php
@@ -58,4 +58,5 @@ echo elgg_view('output/url', array(
 	'class' => 'right',
 	'text' => elgg_echo('twitter_api:interstitial:no_thanks'),
 	'href' => '/',
+	'is_trusted' => true,
 ));
\ No newline at end of file
diff --git a/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php b/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php
index 2872b7a0c..0e1461058 100644
--- a/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php
+++ b/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php
@@ -52,27 +52,30 @@ $bulk_actions_checkbox = '<label><input type="checkbox" class="unvalidated-users
 	. elgg_echo('uservalidationbyemail:check_all') . '</label>';
 
 $validate = elgg_view('output/url', array(
-	'is_action' => TRUE,
-	'js' => 'title="' . elgg_echo('uservalidationbyemail:confirm_validate_checked') . '"',
-	'href' => $vars['url'] . "action/uservalidationbyemail/validate/",
+	'href' => 'action/uservalidationbyemail/validate/',
 	'text' => elgg_echo('uservalidationbyemail:admin:validate'),
+	'title' => elgg_echo('uservalidationbyemail:confirm_validate_checked'),
 	'class' => 'unvalidated-users-bulk-post',
+	'is_action' => true,
+	'is_trusted' => true,
 ));
 
 $resend_email = elgg_view('output/url', array(
-	'is_action' => TRUE,
-	'js' => 'title="' . elgg_echo('uservalidationbyemail:confirm_resend_validation_checked') . '"',
-	'href' => $vars['url'] . "action/uservalidationbyemail/resend_validation/",
+	'href' => 'action/uservalidationbyemail/resend_validation/',
 	'text' => elgg_echo('uservalidationbyemail:admin:resend_validation'),
+	'title' => elgg_echo('uservalidationbyemail:confirm_resend_validation_checked'),
 	'class' => 'unvalidated-users-bulk-post',
+	'is_action' => true,
+	'is_trusted' => true,
 ));
 
 $delete = elgg_view('output/url', array(
-	'is_action' => TRUE,
-	'js' => 'title="' . elgg_echo('uservalidationbyemail:confirm_delete_checked') . '"',
-	'href' => $vars['url'] . "action/uservalidationbyemail/delete/",
+	'href' => 'action/uservalidationbyemail/delete/',
 	'text' => elgg_echo('uservalidationbyemail:admin:delete'),
+	'title' => elgg_echo('uservalidationbyemail:confirm_delete_checked'),
 	'class' => 'unvalidated-users-bulk-post',
+	'is_action' => true,
+	'is_trusted' => true,
 ));
 
 $bulk_actions = <<<___END
diff --git a/views/default/admin/appearance/default_widgets.php b/views/default/admin/appearance/default_widgets.php
index 4416dc8f6..1bf5791ac 100644
--- a/views/default/admin/appearance/default_widgets.php
+++ b/views/default/admin/appearance/default_widgets.php
@@ -17,6 +17,7 @@ if ($object) {
 		'text' => elgg_echo('upgrade'),
 		'href' => 'action/widgets/upgrade',
 		'is_action' => true,
+		'is_trusted' => true,
 		'class' => 'elgg_button elgg-button-submit',
 		'title' => 'Upgrade your default widgets to work on Elgg 1.8',
 	));
diff --git a/views/default/admin/appearance/profile_fields/list.php b/views/default/admin/appearance/profile_fields/list.php
index 6e79838ea..f4ff1e986 100644
--- a/views/default/admin/appearance/profile_fields/list.php
+++ b/views/default/admin/appearance/profile_fields/list.php
@@ -39,8 +39,9 @@ foreach ($items as $item) {
 	//$even_odd = ( 'odd' != $even_odd ) ? 'odd' : 'even';
 	$url = elgg_view('output/url', array(
 		'href' => "action/profile/fields/delete?id={$item->shortname}",
-		'is_action' => TRUE,
 		'text' => elgg_view_icon('delete-alt'),
+		'is_action' => true,
+		'is_trusted' => true,
 	));
 	$type = elgg_echo($item->type);
 	echo <<<HTML
diff --git a/views/default/admin/header.php b/views/default/admin/header.php
index 3919c017e..331190a88 100644
--- a/views/default/admin/header.php
+++ b/views/default/admin/header.php
@@ -7,10 +7,12 @@ $admin_title = elgg_get_site_entity()->name . ' ' . elgg_echo('admin');
 $view_site = elgg_view('output/url', array(
 	'href' => elgg_get_site_url(),
 	'text' => elgg_echo('admin:view_site'),
+	'is_trusted' => true,
 ));
 $logout = elgg_view('output/url', array(
 	'href' => 'action/logout',
 	'text' => elgg_echo('logout'),
+	'is_trusted' => true,
 ));
 ?>
 <h1 class="elgg-heading-site">
diff --git a/views/default/icon/default.php b/views/default/icon/default.php
index 3abd96b96..533b92c43 100644
--- a/views/default/icon/default.php
+++ b/views/default/icon/default.php
@@ -39,6 +39,7 @@ if ($url) {
 	echo elgg_view('output/url', array(
 		'href' => $url,
 		'text' => $img,
+		'is_trusted' => true,
 	));
 } else {
 	echo $img;
diff --git a/views/default/icon/user/default.php b/views/default/icon/user/default.php
index aca03521f..0eb3691bd 100644
--- a/views/default/icon/user/default.php
+++ b/views/default/icon/user/default.php
@@ -66,6 +66,7 @@ if ($show_menu) {
 echo elgg_view('output/url', array(
 	'href' => $user->getURL(),
 	'text' => $icon,
+	'is_trusted' => true,
 ));
 ?>
 </div>
diff --git a/views/default/navigation/breadcrumbs.php b/views/default/navigation/breadcrumbs.php
index bad73c4b3..88577a8ff 100644
--- a/views/default/navigation/breadcrumbs.php
+++ b/views/default/navigation/breadcrumbs.php
@@ -30,6 +30,7 @@ if (is_array($breadcrumbs) && count($breadcrumbs) > 0) {
 			$crumb = elgg_view('output/url', array(
 				'href' => $breadcrumb['link'],
 				'text' => $breadcrumb['title'],
+				'is_trusted' => true,
 			));
 		} else {
 			$crumb = $breadcrumb['title'];
diff --git a/views/default/navigation/menu/user_hover.php b/views/default/navigation/menu/user_hover.php
index e32e5ab57..5c89e585c 100644
--- a/views/default/navigation/menu/user_hover.php
+++ b/views/default/navigation/menu/user_hover.php
@@ -19,6 +19,7 @@ echo '<ul class="elgg-menu elgg-menu-hover">';
 $name_link = elgg_view('output/url', array(
 	'href' => $user->getURL(),
 	'text' => "<span class=\"elgg-heading-basic\">$user->name</span>&#64;$user->username",
+	'is_trusted' => true,
 ));
 echo "<li>$name_link</li>";
 
diff --git a/views/default/navigation/pagination.php b/views/default/navigation/pagination.php
index c0cb801dd..4df5cf575 100644
--- a/views/default/navigation/pagination.php
+++ b/views/default/navigation/pagination.php
@@ -42,10 +42,12 @@ $pages = new stdClass();
 $pages->prev = array(
 	'text' => '&laquo; ' . elgg_echo('previous'),
 	'href' => '',
+	'is_trusted' => true,
 );
 $pages->next = array(
 	'text' => elgg_echo('next') . ' &raquo;',
 	'href' => '',
+	'is_trusted' => true,
 );
 $pages->items = array();
 
diff --git a/views/default/navigation/tabs.php b/views/default/navigation/tabs.php
index 0108126ad..e8fde3579 100644
--- a/views/default/navigation/tabs.php
+++ b/views/default/navigation/tabs.php
@@ -47,7 +47,7 @@ if (isset($vars['tabs']) && is_array($vars['tabs']) && !empty($vars['tabs'])) {
 		$options = array(
 			'href' => $url,
 			'title' => $title,
-			'text' => $title
+			'text' => $title,
 		);
 
 		if (isset($info['url_class'])) {
@@ -58,6 +58,10 @@ if (isset($vars['tabs']) && is_array($vars['tabs']) && !empty($vars['tabs'])) {
 			$options['id'] = $info['url_id'];
 		}
 
+		if (!isset($info['rel']) && !isset($info['is_trusted'])) {
+			$options['is_trusted'] = true;
+		}
+
 		$link = elgg_view('output/url', $options);
 
 		echo "<li $class_str $js>$link</li>";
diff --git a/views/default/object/admin_notice.php b/views/default/object/admin_notice.php
index 086eddb1f..11524567e 100644
--- a/views/default/object/admin_notice.php
+++ b/views/default/object/admin_notice.php
@@ -11,7 +11,8 @@ if (isset($vars['entity']) && elgg_instanceof($vars['entity'], 'object', 'admin_
 		'href' => "action/admin/delete_admin_notice?guid=$notice->guid",
 		'text' => '<span class="elgg-icon elgg-icon-delete"></span>',
 		'is_action' => true,
-		'class' => 'elgg-admin-notice'
+		'class' => 'elgg-admin-notice',
+		'is_trusted' => true,
 	));
 
 	echo "<p>$delete$message</p>";
diff --git a/views/default/object/default.php b/views/default/object/default.php
index a50f19387..a9c3e15ca 100644
--- a/views/default/object/default.php
+++ b/views/default/object/default.php
@@ -28,6 +28,7 @@ if ($owner) {
 	$owner_link = elgg_view('output/url', array(
 		'href' => $owner->getURL(),
 		'text' => $owner->name,
+		'is_trusted' => true,
 	));
 }
 
diff --git a/views/default/object/elements/summary.php b/views/default/object/elements/summary.php
index 10cf0b148..3ca4de2be 100644
--- a/views/default/object/elements/summary.php
+++ b/views/default/object/elements/summary.php
@@ -29,6 +29,7 @@ if ($title_link === '') {
 	$params = array(
 		'text' => $text,
 		'href' => $entity->getURL(),
+		'is_trusted' => true,
 	);
 	$title_link = elgg_view('output/url', $params);
 }
diff --git a/views/default/object/plugin/advanced.php b/views/default/object/plugin/advanced.php
index 1fabaff04..db4e4dbcc 100644
--- a/views/default/object/plugin/advanced.php
+++ b/views/default/object/plugin/advanced.php
@@ -40,9 +40,10 @@ if ($reordering) {
 		));
 
 		$links .= "<li>" . elgg_view('output/url', array(
-			'href' 		=> $top_url,
-			'text'		=> elgg_echo('top'),
-			'is_action'	=> true
+			'href' => $top_url,
+			'text' => elgg_echo('top'),
+			'is_action' => true,
+			'is_trusted' => true,
 		)) . "</li>";
 
 		$up_url = elgg_http_add_url_query_elements($actions_base . 'set_priority', array(
@@ -52,9 +53,10 @@ if ($reordering) {
 		));
 
 		$links .= "<li>" . elgg_view('output/url', array(
-			'href' 		=> $up_url,
-			'text'		=> elgg_echo('up'),
-			'is_action'	=> true
+			'href' => $up_url,
+			'text' => elgg_echo('up'),
+			'is_action' => true,
+			'is_trusted' => true,
 		)) . "</li>";
 	}
 
@@ -67,9 +69,10 @@ if ($reordering) {
 		));
 
 		$links .= "<li>" . elgg_view('output/url', array(
-			'href' 		=> $down_url,
-			'text'		=> elgg_echo('down'),
-			'is_action'	=> true
+			'href' => $down_url,
+			'text' => elgg_echo('down'),
+			'is_action'	=> true,
+			'is_trusted' => true,
 		)) . "</li>";
 
 		$bottom_url = elgg_http_add_url_query_elements($actions_base . 'set_priority', array(
@@ -81,7 +84,8 @@ if ($reordering) {
 		$links .= "<li>" . elgg_view('output/url', array(
 			'href' 		=> $bottom_url,
 			'text'		=> elgg_echo('bottom'),
-			'is_action'	=> true
+			'is_action'	=> true,
+			'is_trusted' => true,
 		)) . "</li>";
 	}
 } else {
@@ -93,7 +97,8 @@ if ($reordering) {
 
 // always let them deactivate
 $options = array(
-	'is_action' => true
+	'is_action' => true,
+	'is_trusted' => true,
 );
 if ($active) {
 	$active_class = 'elgg-state-active';
@@ -163,7 +168,8 @@ $author = '<span>' . elgg_echo('admin:plugins:label:author') . '</span>: '
 $version = htmlspecialchars($plugin->getManifest()->getVersion());
 $website = elgg_view('output/url', array(
 	'href' => $plugin->getManifest()->getWebsite(),
-	'text' => $plugin->getManifest()->getWebsite()
+	'text' => $plugin->getManifest()->getWebsite(),
+	'is_trusted' => true,
 ));
 
 $copyright = elgg_view('output/text', array('value' => $plugin->getManifest()->getCopyright()));
@@ -179,7 +185,8 @@ if ($files) {
 		$url = 'admin_plugin_text_file/' . $plugin->getID() . "/$file";
 		$link = elgg_view('output/url', array(
 			'text' => $file,
-			'href' => $url
+			'href' => $url,
+			'is_trusted' => true,
 		));
 		$docs .= "<li>$link</li>";
 
diff --git a/views/default/object/plugin/simple.php b/views/default/object/plugin/simple.php
index f4cc944f4..4d392e71a 100644
--- a/views/default/object/plugin/simple.php
+++ b/views/default/object/plugin/simple.php
@@ -49,7 +49,8 @@ foreach ($files as $file => $path) {
 	$url = 'admin_plugin_text_file/' . $plugin->getID() . "/$file";
 	$link = elgg_view('output/url', array(
 		'text' => $file,
-		'href' => $url
+		'href' => $url,
+		'is_trusted' => true,
 	));
 	$plugin_footer .= "<li>$link</li>";
 
diff --git a/views/default/object/widget/elements/controls.php b/views/default/object/widget/elements/controls.php
index abf2154fc..6d06d28bc 100644
--- a/views/default/object/widget/elements/controls.php
+++ b/views/default/object/widget/elements/controls.php
@@ -24,6 +24,7 @@ if ($widget->canEdit()) {
 		'title' => elgg_echo('widget:delete', array($widget->getTitle())),
 		'href' => "action/widgets/delete?guid=$widget->guid",
 		'is_action' => true,
+		'is_trusted' => true,
 		'class' => 'elgg-widget-delete-button',
 		'id' => "elgg-widget-delete-button-$widget->guid"
 	);
diff --git a/views/default/output/tag.php b/views/default/output/tag.php
index abae9c4b2..3c002a31b 100644
--- a/views/default/output/tag.php
+++ b/views/default/output/tag.php
@@ -26,5 +26,9 @@ if (isset($vars['value'])) {
 		$type = "";
 	}
 	$url = elgg_get_site_url() . 'search?q=' . urlencode($vars['value']) . "&search_type=tags{$type}{$subtype}{$object}";
-	echo elgg_view('output/url', array('href' => $url, 'text' => $vars['value'], 'rel' => 'tag'));
+	echo elgg_view('output/url', array(
+		'href' => $url,
+		'text' => $vars['value'],
+		'rel' => 'tag',
+	));
 }
diff --git a/views/default/output/url.php b/views/default/output/url.php
index 79ab52377..81b02087d 100644
--- a/views/default/output/url.php
+++ b/views/default/output/url.php
@@ -10,7 +10,7 @@
  * @uses string $vars['href']        The unencoded url string
  * @uses bool   $vars['encode_text'] Run $vars['text'] through htmlspecialchars() (false)
  * @uses bool   $vars['is_action']   Is this a link to an action (false)
- *
+ * @uses bool   $vars['is_trusted']  Is this link trusted (false)
  */
 
 $url = elgg_extract('href', $vars, null);
@@ -37,11 +37,20 @@ if ($url) {
 
 	if (elgg_extract('is_action', $vars, false)) {
 		$url = elgg_add_action_tokens_to_url($url, false);
-		unset($vars['is_action']);
+	}
+
+	if (!elgg_extract('is_trusted', $vars, false)) {
+		if (!isset($vars['rel'])) {
+			$vars['rel'] = 'nofollow';
+			$url = strip_tags($url);
+		}
 	}
 
 	$vars['href'] = $url;
 }
 
+unset($vars['is_action']);
+unset($vars['is_trusted']);
+
 $attributes = elgg_format_attributes($vars);
-echo "<a $attributes>$text</a>";
\ No newline at end of file
+echo "<a $attributes>$text</a>";
diff --git a/views/default/page/elements/footer.php b/views/default/page/elements/footer.php
index 06fdb84a5..596d17bd3 100644
--- a/views/default/page/elements/footer.php
+++ b/views/default/page/elements/footer.php
@@ -17,5 +17,6 @@ echo elgg_view('output/url', array(
 	'href' => 'http://elgg.org',
 	'text' => "<img src=\"$powered_url\" alt=\"Powered by Elgg\" width=\"106\" height=\"15\" />",
 	'class' => '',
+	'is_trusted' => true,
 ));
 echo '</div>';
diff --git a/views/default/page/elements/tagcloud_block.php b/views/default/page/elements/tagcloud_block.php
index 8b67c9e37..258951c41 100644
--- a/views/default/page/elements/tagcloud_block.php
+++ b/views/default/page/elements/tagcloud_block.php
@@ -50,6 +50,7 @@ $cloud .= elgg_view_icon('tag');
 $cloud .= elgg_view('output/url', array(
 	'href' => 'tags',
 	'text' => elgg_echo('tagcloud:allsitetags'),
+	'is_trusted' => true,
 ));
 $cloud .= '</p>';
 
diff --git a/views/default/page/layouts/widgets/add_button.php b/views/default/page/layouts/widgets/add_button.php
index 89e83b096..c33a45f99 100644
--- a/views/default/page/layouts/widgets/add_button.php
+++ b/views/default/page/layouts/widgets/add_button.php
@@ -10,6 +10,7 @@
 		'text' => elgg_echo('widgets:add'),
 		'class' => 'elgg-button elgg-button-action',
 		'rel' => 'toggle',
+		'is_trusted' => true,
 	));
 ?>
 </div>
diff --git a/views/default/river/elements/body.php b/views/default/river/elements/body.php
index c5a525733..6894b81e2 100644
--- a/views/default/river/elements/body.php
+++ b/views/default/river/elements/body.php
@@ -27,6 +27,7 @@ if ($summary === false) {
 		'href' => $subject->getURL(),
 		'text' => $subject->name,
 		'class' => 'elgg-river-subject',
+		'is_trusted' => true,
 	));
 }
 
@@ -52,6 +53,7 @@ if ($container instanceof ElggGroup && $container->guid != elgg_get_page_owner_g
 	$group_link = elgg_view('output/url', array(
 		'href' => $container->getURL(),
 		'text' => $container->name,
+		'is_trusted' => true,
 	));
 	$group_string = elgg_echo('river:ingroup', array($group_link));
 }
diff --git a/views/default/river/elements/responses.php b/views/default/river/elements/responses.php
index 8c5be6316..f6c32e142 100644
--- a/views/default/river/elements/responses.php
+++ b/views/default/river/elements/responses.php
@@ -50,6 +50,7 @@ if ($comments) {
 		$params = array(
 			'href' => $url,
 			'text' => elgg_echo('river:comments:more', array($num_more_comments)),
+			'is_trusted' => true,
 		);
 		$link = elgg_view('output/url', $params);
 		echo "<div class=\"elgg-river-more\">$link</div>";
diff --git a/views/default/river/elements/summary.php b/views/default/river/elements/summary.php
index 4d80c29a6..84941131f 100644
--- a/views/default/river/elements/summary.php
+++ b/views/default/river/elements/summary.php
@@ -15,12 +15,14 @@ $subject_link = elgg_view('output/url', array(
 	'href' => $subject->getURL(),
 	'text' => $subject->name,
 	'class' => 'elgg-river-subject',
+	'is_trusted' => true,
 ));
 
 $object_link = elgg_view('output/url', array(
 	'href' => $object->getURL(),
 	'text' => $object->title ? $object->title : $object->name,
 	'class' => 'elgg-river-object',
+	'is_trusted' => true,
 ));
 
 $action = $item->action_type;
@@ -32,6 +34,7 @@ if ($container instanceof ElggGroup) {
 	$params = array(
 		'href' => $container->getURL(),
 		'text' => $container->name,
+		'is_trusted' => true,
 	);
 	$group_link = elgg_view('output/url', $params);
 	$group_string = elgg_echo('river:ingroup', array($group_link));
diff --git a/views/default/river/user/default/profileiconupdate.php b/views/default/river/user/default/profileiconupdate.php
index c7f691533..5c96747bd 100644
--- a/views/default/river/user/default/profileiconupdate.php
+++ b/views/default/river/user/default/profileiconupdate.php
@@ -10,6 +10,7 @@ $subject_link = elgg_view('output/url', array(
 	'href' => $subject->getURL(),
 	'text' => $subject->name,
 	'class' => 'elgg-river-subject',
+	'is_trusted' => true,
 ));
 
 $string = elgg_echo('river:update:user:avatar', array($subject_link));
diff --git a/views/default/river/user/default/profileupdate.php b/views/default/river/user/default/profileupdate.php
index a344131d6..69b69b106 100644
--- a/views/default/river/user/default/profileupdate.php
+++ b/views/default/river/user/default/profileupdate.php
@@ -9,6 +9,7 @@ $subject_link = elgg_view('output/url', array(
 	'href' => $subject->getURL(),
 	'text' => $subject->name,
 	'class' => 'elgg-river-subject',
+	'is_trusted' => true,
 ));
 
 $string = elgg_echo('river:update:user:profile', array($subject_link));
diff --git a/views/default/widgets/content_stats/content.php b/views/default/widgets/content_stats/content.php
index 6a652166c..56772047d 100644
--- a/views/default/widgets/content_stats/content.php
+++ b/views/default/widgets/content_stats/content.php
@@ -23,5 +23,6 @@ echo '<div class="mtm">';
 echo elgg_view('output/url', array(
 	'href' => 'admin/statistics/overview',
 	'text' => elgg_echo('more'),
+	'is_trusted' => true,
 ));
 echo '</div>';
-- 
cgit v1.2.3