W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

referrer policy questions

From: Sid Stamm <sid@mozilla.com>
Date: Mon, 20 Oct 2014 10:17:38 -0700
Message-ID: <544543B2.5070704@mozilla.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Hi Group,

I'm implementing <meta> referrer for Firefox, and a couple of questions
have come up in the process.  The draft I'm using is the 10 September
ED: https://w3c.github.io/webappsec/specs/referrer-policy/

1. Whitespace and policy parsing

What behavior is intended for a referrer policy string of "   "?  It's
not the empty string, but is entirely whitespace.  The spec says to
ignore the <meta> tag if the content attribute is equal to the empty
string, then later on when determining the token's policy, the result is
"no referrer".  Result is:

<meta name="referrer" content="">      -> tag ignored
<meta name="referrer" content="   ">   -> no-referrer policy used

I would like both content="" and content="   " to have the same
behavior, probably "tag ignored".

Can we move "or if that attribute’s value is the empty string, then
abort these steps" out of step 2, and do that check on meta-value
instead (step 4)?

2. Case Sensitivity

I'd like to do a case-insensitive compare to check the policy token
("NEVER" would work as well as "never" or "No-Referrer").  Currently the
spec doesn't say how to do the comparison, but says things like:

> "If token is never or no-referrer, return _No Referrer_."

Which suggests a case sensitive comparison.  Can we make this clearly
case-insensitive compares?

Cheers, all.

-Sid
Received on Monday, 20 October 2014 17:18:17 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC