- From: John Kemp <john@jkemp.net>
- Date: Wed, 11 Jun 2014 14:21:52 -0400
- To: Jochen Eisinger <eisinger@google.com>, public-webappsec@w3.org
- CC: Sid Stamm <sid@mozilla.com>, Adam Barth <abarth@google.com>, Mike West <mkwst@google.com>
Hello, On 06/11/2014 01:55 PM, Jochen Eisinger wrote: > Hey, > > I'd like to propose to create a more formal standard for referrer > policies. Until now, there is just a wiki entry at whatwg > (http://wiki.whatwg.org/wiki/Meta_referrer) and various other specs > (CSP, fetch) refer to referrer policies, however, there is no formal > standard. > > With a lot of help from Mike, we've put together a first draft here: > https://w3c.github.io/webappsec/specs/referrer-policy/ Thanks - looks like a good start! > > Any comments are more than welcome! How does this draft relate to the 'rel=noreferrer' attribute on <a/> tags? I see you refer to the "Javascript Global Environment" and one can imagine that this environment *might* impact how the rel=noreferrer is processed in the same way you describe via inheritance from the "global" environment, but it might be helpful to spell that out (and mention it in the introduction too). This issue is mentioned in http://wiki.whatwg.org/wiki/Meta_referrer, which appears to be a good (historical at least) related work for what you are doing here (and you might want to list it in the references since it appears to have some of the same content as this draft). Regards, - johnk > > best > -jochen
Received on Wednesday, 11 June 2014 18:22:52 UTC