W3C home > Mailing lists > Public > whatwg@whatwg.org > May 2015

[whatwg] Proposal: rel=newcontext

From: Scott Beardsley <sbeards@yahoo-inc.com>
Date: Thu, 14 May 2015 02:47:02 +0000 (UTC)
To: WHATWG List <whatwg@whatwg.org>
Message-ID: <1651958152.46414.1431571622807.JavaMail.yahoo@mail.yahoo.com>
Hi all, first post here so go easy on me. :)
This proposal is an attempt to resolve the window.opener.location issue with cross-origin (and same-origin UGC?) navigations when target="_blank". This issue has been discussed previously[1] and a bug[2] in chromium has existed since 2013. Besides using "rel=noreferrer" or setting window.opener=null via javascript there appears no clean solution to this problem.
I propose that a new rel=newcontext attribute be added which can be used to inform user agents that the navigation should be done in a new browsing context and, as a result, window.opener should be set to null. Many publishers wish to allow a referrer to be sent and the Referrer Policy[3] is moving towards a spec where there is more granular control over the document-level and even the link-level value of Referer (sic). Many sites wish to send the origin, for instance, and in these cases they cannot use "rel=noreferrer". This leaves them only Javascript to deal with this issue. I think there should be a way to do this via HTML only.
Here is a quick summary and demo of the issue[4]. I've also prepared a PR[5] to the spec.
Scott--[1] https://lists.w3.org/Archives/Public/public-whatwg-archive/2015Jan/0002.html[2] https://code.google.com/p/chromium/issues/detail?id=168988[3] http://w3c.github.io/webappsec/specs/referrer-policy/[4] http://hardstatics.com/thrower.html[5] https://github.com/w3c/html/pull/22
Received on Thursday, 14 May 2015 02:48:03 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 17:00:31 UTC