- From: Brian Smith <brian@briansmith.org>
- Date: Wed, 11 Feb 2015 22:35:05 -0800
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Francois Marier <francois@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Martin Thomson <martin.thomson@gmail.com> wrote: > On 12 February 2015 at 17:15, Brian Smith <brian@briansmith.org> wrote: >> Also, it needs to be defined what happens when the link has <a >> rel=noreferrer referrer=unsafe-url>. I suggest specifying that the >> rel=noreferrer takes precedence. > > Precedence, or lower of both values? The only rel value we have for controlling referrer now is "noreferrer." If we add this referrer attribute, we have no reason to add any new rel values for controlling referrer. So, it doesn't matter whether rel=noreferrer takes precedence or we take the lower of both values, because both result in "none". To be crystal clear, in my proposal [1] I suggested adding rel=originreferrer, but I think adding the referrer attribute is a better alternative to doing that. Cheers, Brian [1] https://briansmith.org/referrer-01
Received on Thursday, 12 February 2015 06:35:32 UTC