W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2015

Re: [Referrer] Adding a referrer attribute delivery mechanism

From: Mike West <mkwst@google.com>
Date: Thu, 12 Feb 2015 08:38:41 +0100
Message-ID: <CAKXHy=egDxOta4HAqBguDA_-Zn0K0L941sH4zTpQNMXm-Wo_eQ@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Martin Thomson <martin.thomson@gmail.com>, Brian Smith <brian@briansmith.org>, Francois Marier <francois@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Feb 12, 2015 at 8:23 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Thu, Feb 12, 2015 at 7:54 AM, Martin Thomson
> <martin.thomson@gmail.com> wrote:
>> It seems like the right thing to do would be to remove rel=noreferrer
>> eventually, so being able to ignore it is easier than describing a
>> combination rule, or any rule where it takes precedence.  Both make it
>> harder to have it disappear.
>
> No, rel=noreferrer disables window.opener. We don't want to lose that.

In combination with `target="_blank"`, it also moves the target into a
fresh new process (in Chrome).

It wouldn't be a bad thing to explain this magic in some way that
doesn't require developers to dig through user agent's source to
figure that out, however.

-mike

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany,
Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine
Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Thursday, 12 February 2015 07:39:29 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:10 UTC