Hi all, first post here so go easy on me. :) This proposal is an attempt to resolve the window.opener.location issue with cross-origin (and same-origin UGC?) navigations when target="_blank". This issue has been discussed previously[1] and a bug[2] in chromium has existed since 2013. Besides using "rel=noreferrer" or setting window.opener=null via javascript there appears no clean solution to this problem. I propose that a new rel=newcontext attribute be added which can be used to inform user agents that the navigation should be done in a new browsing context and, as a result, window.opener should be set to null. Many publishers wish to allow a referrer to be sent and the Referrer Policy[3] is moving towards a spec where there is more granular control over the document-level and even the link-level value of Referer (sic). Many sites wish to send the origin, for instance, and in these cases they cannot use "rel=noreferrer". This leaves them only Javascript to deal with this issue. I think there should be a way to do this via HTML only. Here is a quick summary and demo of the issue[4]. I've also prepared a PR[5] to the spec. Scott--[1]Â https://lists.w3.org/Archives/Public/public-whatwg-archive/2015Jan/0002.html[2]Â https://code.google.com/p/chromium/issues/detail?id=168988[3]Â http://w3c.github.io/webappsec/specs/referrer-policy/[4]Â http://hardstatics.com/thrower.html[5]Â https://github.com/w3c/html/pull/22ÂReceived on Thursday, 14 May 2015 02:48:03 UTC
This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 17:00:31 UTC