- From: John Kemp <john@jkemp.net>
- Date: Wed, 11 Jun 2014 14:42:22 -0400
- To: Jochen Eisinger <eisinger@google.com>
- CC: public-webappsec@w3.org, Sid Stamm <sid@mozilla.com>, Adam Barth <abarth@google.com>, Mike West <mkwst@google.com>
On 06/11/2014 02:31 PM, Jochen Eisinger wrote: > > > > On Wed, Jun 11, 2014 at 11:21 AM, John Kemp <john@jkemp.net > <mailto:john@jkemp.net>> wrote: [...] > > How does this draft relate to the 'rel=noreferrer' attribute on <a/> > tags? I see you refer to the "Javascript Global Environment" and one > can imagine that this environment *might* impact how the > rel=noreferrer is processed in the same way you describe via > inheritance from the "global" environment, but it might be helpful > to spell that out (and mention it in the introduction too). > > > that's covered in step 6 of the "Set request’s Referer header" > algorithm, no? OK, yes, that looks good, presuming that you are only addressing Javascript, and that the issue you mention is addressed. There were two specific things I was interested in: * That the rel=noreferrer is not mentioned in the introduction, so it is not clear there is any link between this document and that particular usage. * That this appears to be all related only to the Javascript environment, and yet it is an interaction between two HTML declarations. It is, I believe, still possible to parse (and interpret) HTML without using Javascript - but I presume this is considered beyond the scope of this document? > > > This issue is mentioned in > http://wiki.whatwg.org/wiki/__Meta_referrer > <http://wiki.whatwg.org/wiki/Meta_referrer>, which appears to be a > good (historical at least) related work for what you are doing here > (and you might want to list it in the references since it appears to > have some of the same content as this draft). > > > It's linked to in paragraph 7 Also list it under "informative references"? Regards, - johnk > > best > -jochen > > > Regards, > > - johnk > > > best > -jochen > >
Received on Wednesday, 11 June 2014 18:42:58 UTC