Re: [whatwg] Proposal for Links to Unrelated Browsing Contexts

On Mon, 1 Oct 2012, Glenn Maynard wrote:
> On Mon, Oct 1, 2012 at 5:10 PM, Ian Hickson <ian@hixie.ch> wrote:
> > > 
> > >  + have the new page be in a new browsing context
> >
> > ...it's a new browsing context (e.g. target="_blank").
> 
> I'm not very familiar with the browsing context concept: what's the 
> practical security issue here?

I'm not aware of any particular security issues involved here.


> (A good UI reason is "this is an expensive-to-load web app that's 
> typically used over a long term, so you rarely want to replace the tab 
> with links", eg. Gmail.

Right, that's basically the use case. See the top of my recent long e-mail 
on this thread.


> The all-too-common bad reason is "we want people to keep pages open in 
> the user's browser for as long as possible in the hopes that it'll make 
> them come back by accident, so we'll sprinkle target=_blank everywhere", 
> eg. amazon.co.jp makes *every search result* target=_blank.)  This is 
> abused so constantly that I disable it with browser.link.open_newwindow 
> in FF.

Presumably authors in such cases would not use rel=noreferrer; I don't see 
why they would want to.


On Mon, 1 Oct 2012, Boris Zbarsky wrote:
> >
> > I'm happy to make the spec not match implementations, if the 
> > implementations are going to change to match the spec. :-)
> 
> I certainly plan to change Gecko to make this stuff less loose there.
> 
> But full disclosure: I have been thus planning for at least 3 years.  I 
> don't know when I'll get to it.  It's not a small change.  :(

Let me know when you've changed it, and I'll look into changing the spec 
again. Right now, I don't think it makes sense to go against the tide. :-)

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Tuesday, 2 October 2012 01:38:41 UTC