Re: [whatwg] Document referrer and script entry point

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Tue, 23 Oct 2012 10:20:28 -0400
Message-ID: <5086A7AC.4020104@mit.edu>
To: Ian Hickson <ian@hixie.ch>
CC: Bobby Holley <bobbyholley@gmail.com>, Adam Barth <w3c@adambarth.com>, public-script-coord@w3.org

On 10/23/12 2:34 AM, Ian Hickson wrote:
> I need to study whether we should do that, or change the definition of
> source browsing context. It'd be a bit weird for them to be different.
> Also, I expect that if it's good to remove the logic that Gecko
> currently has to do the Referer stuff, then it'd be equally good to remove
> that logic for the other things the source browsing context is used for,
> e.g. the sandbox security checks.
>
> Filed https://www.w3.org/Bugs/Public/show_bug.cgi?id=19662

Security information is associated with compiled script, in the end, not 
with browsing contexts.

Can you point to where we use source browsing contexts for security 
checks?  That seems very odd to me.

Also note something I said earlier in this thread: if navigation is 
triggered by calling click() on an <a> element, the referrer should 
probably be the URI of the ownerDocument of that element, not anything 
related to scripts in any way.

-Boris
Received on Tuesday, 23 October 2012 14:20:59 UTC