- From: Nick Burris <notifications@github.com>
- Date: Thu, 17 Oct 2019 08:20:27 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 17 October 2019 15:20:30 UTC
Sorry, I misread your comment. Yes, one of the security restrictions is that we restrict to "top-level browsing contexts without an opener" i.e. we check that window.opener is null, even for same-origin. Does this cover the case you're referring to? Or is there a case where window.opener is null but the noopener attribute wasn't specified? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/392#issuecomment-543225905
Received on Thursday, 17 October 2019 15:20:30 UTC