- From: Boris Zbarsky <bzbarsky@mit.edu>
- Date: Wed, 07 Jan 2015 14:18:42 -0500
- To: public-webappsec@w3.org
On 1/7/15 1:58 PM, Brad Hill wrote:
> Basically, Site X has a link to Site Y that opens in a new tab. Site Y
> can then use window.opener.navigate to change the tab that used to
> contain Site X to something else in the background. The user may not
> notice this switcheroo and can be possibly exploited when they go back
> to the tab expecting it is still Site X.
>
> The only current mitigation is for Site X to open the new tab to a
> location it controls first

Or using rel="noreferrer" on the link, right?

This issue was discussed at
http://lists.w3.org/Archives/Public/public-whatwg-archive/2015Jan/0002.html
over the last few days.

> I wonder what people think of possibly adding an additional directive to
> referrer-policy, "disown-window-opener", that instructs the user agent
> to apply https://html.spec.whatwg.org/#disowned-its-opener automatically
> as it performs a navigation.

So effectively treat all links in the document as rel="noreferrer"?

-Boris
Received on Wednesday, 7 January 2015 19:19:12 UTC
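The following is an added example, not part of the thread above and not code from either poster. It models the "switcheroo" Brad Hill describes (Site Y writing to the opener tab's location) as a function that takes the opener object explicitly, so the same logic can be exercised against a plain object outside a browser, and it implements the mitigation Boris names: rewriting a rendered HTML fragment so that every link opening a new tab carries rel="noreferrer", which makes the user agent disown the opener and leave `window.opener` null in Site Y. The hostnames (site-x.example, site-y.example) and the HTML fragment are constructed placeholders; the rewriter is a small post-processor for simple, trusted markup, not an HTML parser.

```javascript
// Added example (not from the mailing-list thread): the opener "switcheroo"
// and the rel="noreferrer" mitigation as testable functions.
// Hostnames site-x.example / site-y.example are constructed placeholders.

// What Site Y's script does once it has been opened from Site X in a new tab.
// In a browser `opener` is window.opener; it is passed in here so the function
// can be run against a plain object. Returns whether the opener tab was navigated.
function tabnab(opener, url) {
  // If Site X disowned the opener (rel="noreferrer"), window.opener is null
  // in Site Y and there is nothing to navigate.
  if (!opener) return false;
  // Cross-origin, the opener's location is still writable, so the tab that
  // used to show Site X silently navigates while it sits in the background.
  opener.location = url;
  return true;
}

// Split a rel attribute into its space-separated tokens and add one if missing.
function addRelToken(rel, token) {
  const tokens = (rel || "").trim().split(/\s+/).filter(Boolean);
  if (!tokens.some((t) => t.toLowerCase() === token)) tokens.push(token);
  return tokens.join(" ");
}

// Parse the attribute list of one start tag into a Map (insertion-ordered),
// lower-casing names. Handles double-quoted, single-quoted and unquoted values;
// a bare attribute name is stored with an undefined value.
const ATTR_RE = /([^\s=\/>]+)(?:\s*=\s*("([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
function parseAttrs(attrText) {
  const attrs = new Map();
  for (const m of attrText.matchAll(ATTR_RE)) {
    const value = m[3] !== undefined ? m[3] : m[4] !== undefined ? m[4] : m[5];
    attrs.set(m[1].toLowerCase(), value);
  }
  return attrs;
}

// Serialize attributes back with double quotes, escaping embedded quotes.
function serializeAttrs(attrs) {
  return [...attrs]
    .map(([k, v]) => (v === undefined ? k : `${k}="${v.replace(/"/g, "&quot;")}"`))
    .join(" ");
}

// Server-side post-processing of a rendered fragment of Site X: every <a> with
// target="_blank" gets rel="noreferrer" so the user agent disowns the opener.
// Deliberately small rewriter for simple, trusted markup, not an HTML parser:
// an attribute value containing ">" would defeat the tag regex.
function hardenNewTabLinks(html) {
  return html.replace(/<a\b([^>]*)>/gi, (tag, attrText) => {
    const attrs = parseAttrs(attrText);
    const target = attrs.get("target");
    if (target === undefined || target.toLowerCase() !== "_blank") return tag;
    attrs.set("rel", addRelToken(attrs.get("rel"), "noreferrer"));
    return `<a ${serializeAttrs(attrs)}>`;
  });
}

// Constructed fragment of Site X's page; the first link opens Site Y in a new tab.
const SITE_X_HTML =
  '<p><a href="https://site-y.example/" target="_blank">Site Y</a> ' +
  '<a href="/about" rel="nofollow">About</a></p>';

// Demonstration when run directly (node tabnabbing.js).
if (typeof require !== "undefined" && require.main === module) {
  const victim = { location: "https://site-x.example/" };
  console.log(tabnab(victim, "https://site-y.example/fake-login"), victim.location);
  console.log(tabnab(null, "https://site-y.example/fake-login"));
  console.log(hardenNewTabLinks(SITE_X_HTML));
}
```

The rewriter adds the token rather than replacing the attribute, so an existing `rel="nofollow"` on a new-tab link becomes `rel="nofollow noreferrer"` and a link that already carries `noreferrer` is left untouched. The trade-off Boris's question points at applies here too: `noreferrer` both disowns the opener and suppresses the Referer header, so Site Y no longer learns which page linked to it.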