- From: Nicholas C. Zakas <standards@nczconsulting.com>
- Date: Wed, 07 Jan 2015 12:55:56 -0800
- To: whatwg@lists.whatwg.org
Yeah, that works well if you're dealing with bleeding-edge browsers only. Not so much elsewhere. :-/ Unfortunately, this isn't a case where progressive enhancement is a suitable approach to dealing with such a security issue. -N On 1/6/2015 12:16 PM, Boris Zbarsky wrote: > On 1/6/15 3:10 PM, Nicholas C. Zakas wrote: >> Yes, if we do it with window.open(), then it's possible to set opener to >> null. However, if you click on a link with target=_blank, window.opener >> is set as well. > > Not if you use rel="nofollow", per spec. Browser support there is > still spotty but improving. > > Of course that affects more than just window.opener (e.g. affects > whether a referrer is sent).... > > -Boris -- ___________________________ Nicholas C. Zakas http://www.nczonline.net
Received on Wednesday, 7 January 2015 20:56:19 UTC