W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2015

Re: [Referrer] Adding a referrer attribute delivery mechanism

From: Brian Smith <brian@briansmith.org>
Date: Wed, 11 Feb 2015 22:15:46 -0800
Message-ID: <CAFewVt7LzzCFJKo4qr2v=RiJ=T28Xf91EBQPVCuva3_jwt1VbA@mail.gmail.com>
To: Francois Marier <francois@mozilla.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Francois Marier <francois@mozilla.com> wrote:
> I've proposed an initial PR [2] that looks like this:
>
>   <a href="http://example.com" referrer="no-referrer">Example</a>

I think this is a great idea.

> Of course, we could probably extend this to other elements, but my
> initial goal was to subsume the HTML5 link type.

I suggest, to start with, extending it to <img> and <iframe>, so that
the page can control how much of the referrer header is sent to ads.

I made some comments on the PR already, mostly about
s/no-referrer/none/ to match the rest of the spec.

Also, it needs to be defined what happens when the link has <a
rel=noreferrer referrer=unsafe-url>. I suggest specifying that the
rel=noreferrer takes precedence.

Cheers,
Brian
Received on Thursday, 12 February 2015 06:16:14 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:10 UTC