- From: Scott Beardsley <sbeards@yahoo-inc.com>
- Date: Thu, 14 May 2015 02:47:02 +0000 (UTC)
- To: WHATWG List <whatwg@whatwg.org>
Hi all, first post here so go easy on me. :) This proposal is an attempt to resolve the window.opener.location issue with cross-origin (and same-origin UGC?) navigations when target="_blank". This issue has been discussed previously[1] and a bug[2] in chromium has existed since 2013. Besides using "rel=noreferrer" or setting window.opener=null via javascript there appears no clean solution to this problem. I propose that a new rel=newcontext attribute be added which can be used to inform user agents that the navigation should be done in a new browsing context and, as a result, window.opener should be set to null. Many publishers wish to allow a referrer to be sent and the Referrer Policy[3] is moving towards a spec where there is more granular control over the document-level and even the link-level value of Referer (sic). Many sites wish to send the origin, for instance, and in these cases they cannot use "rel=noreferrer". This leaves them only Javascript to deal with this issue. I think there should be a way to do this via HTML only. Here is a quick summary and demo of the issue[4]. I've also prepared a PR[5] to the spec. Scott--[1] https://lists.w3.org/Archives/Public/public-whatwg-archive/2015Jan/0002.html[2] https://code.google.com/p/chromium/issues/detail?id=168988[3] http://w3c.github.io/webappsec/specs/referrer-policy/[4] http://hardstatics.com/thrower.html[5] https://github.com/w3c/html/pull/22
Received on Thursday, 14 May 2015 02:48:03 UTC