- From: Andrew Williams <notifications@github.com>
- Date: Mon, 28 Oct 2024 10:34:33 -0700
- To: w3c/FileAPI <FileAPI@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 28 October 2024 17:34:37 UTC
Thanks for the feedback everyone! I have PRs up to partition Blob URL fetches and revocation by Storage Key: - https://github.com/whatwg/fetch/pull/1783 - https://github.com/w3c/FileAPI/pull/201 Regarding enforcing noopener on cross-top-level-site Blob URLs, while reading the spec I learned that there are more cases than just window.open where window.opener can be set in the new window, specifically clicks on 'a' elements, clicks on 'area' elements, or form submissions where `target="_blank" rel="opener"` is used by those elements. We should enforce noopener in these cases as well, and IIUC https://github.com/WebKit/WebKit/pull/7549 already made changes to handle this in WebKit. We'll work on adding WPTs for those additional cases and will capture this broader change in our subsequent spec PR as well unless anyone has any objections. -- Reply to this email directly or view it on GitHub: https://github.com/w3c/FileAPI/issues/153#issuecomment-2442215316 You are receiving this because you are subscribed to this thread. Message ID: <w3c/FileAPI/issues/153/2442215316@github.com>
Received on Monday, 28 October 2024 17:34:37 UTC