- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 2 Oct 2012 01:37:45 +0000 (UTC)
- To: Glenn Maynard <glenn@zewt.org>, Boris Zbarsky <bzbarsky@MIT.EDU>
- Cc: whatwg@whatwg.org
On Mon, 1 Oct 2012, Glenn Maynard wrote: > On Mon, Oct 1, 2012 at 5:10 PM, Ian Hickson <ian@hixie.ch> wrote: > > > > > > + have the new page be in a new browsing context > > > > ...it's a new browsing context (e.g. target="_blank"). > > I'm not very familiar with the browsing context concept: what's the > practical security issue here? I'm not aware of any particular security issues involved here. > (A good UI reason is "this is an expensive-to-load web app that's > typically used over a long term, so you rarely want to replace the tab > with links", eg. Gmail. Right, that's bascally the use case. See the top of my recent long e-mail on this thread. > The all-too-common bad reason is "we want people to keep pages open in > the user's browser for long as possible in the hopes that it'll make > them come back by accident, so we'll sprinkle target=_blank everywhere", > eg. amazon.co.jp makes *every search result* target=_blank.) This is > abused so constantly that I disable it with browser.link.open_newwindow > in FF. Presumably authors in such cases would not use rel=noreferrer; I don't see why they would want to. On Mon, 1 Oct 2012, Boris Zbarsky wrote: > > > > I'm happy to make the spec not match implementations, if the > > implementations are going to change to match the spec. :-) > > I certainly plan to change Gecko to make this stuff less lose there. > > But full disclosure: I have been thus planning for at least 3 years. I > don't know when I'll get to it. It's not a small change. :( Let me know when you've changed it, and I'll look into changing the spec again. Right now, I don't think it makes sense to go against the tide. :-) -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 2 October 2012 01:38:41 UTC