Re: Standardize referrer policy from Jochen Eisinger on 2014-06-11 (public-webappsec@w3.org from June 2014)

From: Jochen Eisinger <eisinger@google.com>
Date: Wed, 11 Jun 2014 11:52:45 -0700
To: John Kemp <john@jkemp.net>
Cc: public-webappsec@w3.org, Sid Stamm <sid@mozilla.com>, Adam Barth <abarth@google.com>, Mike West <mkwst@google.com>
Message-ID: <CALjhuiebVPYKKkZO+iY2V-_uuPfxWEU1Km=5YvTW7MZwv2BB9g@mail.gmail.com>

On Wed, Jun 11, 2014 at 11:42 AM, John Kemp <john@jkemp.net> wrote:

> On 06/11/2014 02:31 PM, Jochen Eisinger wrote:
>
>>
>>
>>
>> On Wed, Jun 11, 2014 at 11:21 AM, John Kemp <john@jkemp.net
>> <mailto:john@jkemp.net>> wrote:
>>
>
> [...]
>
>
>
>>     How does this draft relate to the 'rel=noreferrer' attribute on <a/>
>>     tags? I see you refer to the "Javascript Global Environment" and one
>>     can imagine that this environment *might* impact how the
>>     rel=noreferrer is processed in the same way you describe via
>>     inheritance from the "global" environment, but it might be helpful
>>     to spell that out (and mention it in the introduction too).
>>
>>
>> that's covered in step 6 of the "Set request's Referer header"
>> algorithm, no?
>>
>
> OK, yes, that looks good, presuming that you are only addressing
> Javascript, and that the issue you mention is addressed.
>
> There were two specific things I was interested in:
>
> * That the rel=noreferrer is not mentioned in the introduction, so it is
> not clear there is any link  between this document and that particular
> usage.
>

ok, I can fix that.


> * That this appears to be all related only to the Javascript environment,
> and yet it is an interaction between two HTML declarations. It is, I
> believe, still possible to parse (and interpret) HTML without using
> Javascript - but I presume this is considered beyond the scope of this
> document?
>
>
It's supposed to also work for HTML only (or any other language binding). I
defer to Mike on the language used to describe that


>
>>
>>     This issue is mentioned in
>>     http://wiki.whatwg.org/wiki/__Meta_referrer
>>     <http://wiki.whatwg.org/wiki/Meta_referrer>, which appears to be a
>>
>>     good (historical at least) related work for what you are doing here
>>     (and you might want to list it in the references since it appears to
>>     have some of the same content as this draft).
>>
>>
>> It's linked to in paragraph 7
>>
>
> Also list it under "informative references"?
>
> will do


>
> Regards,
>
> - johnk
>
>
>> best
>> -jochen
>>
>>
>>     Regards,
>>
>>     - johnk
>>
>>
>>         best
>>         -jochen
>>
>>
>>

Received on Wednesday, 11 June 2014 18:53:33 UTC