Re: [whatwg] window.opener security issues (Was: WhatWG is broken)

From: Zac Spitzer [mailto:zac.spitzer@gmail.com] 

> how about rather than requiring this on every <a> why not support a base tag directive  for the whole document i.e. <base rel="noopener">, similar to <base target="_blank">?

Yes, this is a good idea to include in a general framework for imposing such self-restrictions on your page, such as CSP: https://github.com/w3c/webappsec/issues/139. 

Received on Friday, 2 December 2016 01:49:15 UTC