- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Mon, 01 Jun 2009 21:14:42 +0200
- To: Adam Barth <w3c@adambarth.com>
- CC: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Adam Barth wrote: > On Mon, Jun 1, 2009 at 11:40 AM, Adam Barth <w3c@adambarth.com> wrote: >> With regards to the 'null' value, we should try to pick a value that's >> friendly to regular expressions (i.e., avoids . / [ and similar >> characters) because many web application firewalls (who would use this >> value) express their rules in terms of regular expressions. > > One possible value we could use is > > about:blank > > There is an I-D kicking around somewhere that defines the about > scheme. The author might be amenable to allowing about:blank to be > used here (e.g., as a "placeholder" URI when no other URI is > appropriate). > > Another possibility is to use something like > > about:noreferrer > > and define about:noreferrer to return a resource that describes what > the value means in the Referer header (e.g., the relevant requirements > from HTTPbis). That will be tricky to use, as it would be a downref to a Proposed Standard (*). HTTPbis will be (at least) one step ahead on the standards ladder). BR, Julian (*) Optimistically.
Received on Monday, 1 June 2009 19:15:27 UTC