- From: Francois Marier <francois@mozilla.com>
- Date: Thu, 12 Feb 2015 18:19:24 +1300
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
It seems like the referrer spec should include (and extend) the capability provided by <a> and <area> in the HTML5 spec [1]: <a href="http://example.com" rel="noreferrer">Example</a> I've proposed an initial PR [2] that looks like this: <a href="http://example.com" referrer="no-referrer">Example</a> Of course, we could probably extend this to other elements, but my initial goal was to subsume the HTML5 link type. This new delivery mechanism would allow websites to specify a restrictive global policy (via <meta> or CSP) and then override it with a more permissive one on a <a> by <a> basis. Francois [1] https://html.spec.whatwg.org/multipage/semantics.html#link-type-noreferrer [2] https://github.com/w3c/webappsec/pull/175
Received on Thursday, 12 February 2015 05:19:57 UTC