- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Thu, 12 Feb 2015 17:54:23 +1100
- To: Brian Smith <brian@briansmith.org>
- Cc: Francois Marier <francois@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On 12 February 2015 at 17:35, Brian Smith <brian@briansmith.org> wrote: > So, it doesn't matter > whether rel=noreferrer takes precedence or we take the lower of both > values, because both result in "none". I actually think that given referrer=foo is newer and written with full knowledge of the rel=noreferrer option, we could interpret <a rel=noreferrer referrer=origin> as an intent to share the origin, but no more than that. A UA that doesn't support the new argument would fail closed, but that would be intentional. It seems like the right thing to do would be to remove rel=noreferrer eventually, so being able to ignore it is easier than describing a combination rule, or any rule where it takes precedence. Both make it harder to have it disappear.
Received on Thursday, 12 February 2015 06:54:50 UTC