- From: Brian Smith <brian@briansmith.org>
- Date: Wed, 11 Feb 2015 22:15:46 -0800
- To: Francois Marier <francois@mozilla.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Francois Marier <francois@mozilla.com> wrote: > I've proposed an initial PR [2] that looks like this: > > <a href="http://example.com" referrer="no-referrer">Example</a> I think this is a great idea. > Of course, we could probably extend this to other elements, but my > initial goal was to subsume the HTML5 link type. I suggest, to start with, extending it to <img> and <iframe>, so that the page can control how much of the referrer header is sent to ads. I made some comments on the PR already, mostly about s/no-referrer/none/ to match the rest of the spec. Also, it needs to be defined what happens when the link has <a rel=noreferrer referrer=unsafe-url>. I suggest specifying that the rel=noreferrer takes precedence. Cheers, Brian
Received on Thursday, 12 February 2015 06:16:14 UTC