Skip to content
This repository has been archived by the owner on Jul 30, 2019. It is now read-only.

Port noopener. #523

Closed
mikewest opened this issue Jul 15, 2016 · 5 comments
Closed

Port noopener. #523

mikewest opened this issue Jul 15, 2016 · 5 comments
Assignees
@travisleithead
Labels
security WHATWG Port
Milestone
HTML 5.2 WD 5

Comments

@mikewest
Copy link
Member

The noopener link relation is part of Secure Context's requirements, implemented by Chrome and Firefox, and @plehegar partially ported it (accidentally?) into HTML as part of 61663e2. It would be lovely to actually port it over in toto.
@mikewest
Copy link
Member Author

Hrm. I was wrong about the commit. It was apparently part of the "Import" in a023b06. If that's the case, I'm very confused about where most of the definition actually went. :/

@chaals
Copy link
Collaborator

chaals commented Jul 15, 2016

Hi Mike,

this is related to #170 and it seems a priori that we should integrate the link type, and refer to Secure Context for a definition.

In that context it would be helpful if you could let us know of other specs that extend HTML, so we can at least try to have the right set of pointers…

@chaals
Copy link
Collaborator

chaals commented Jul 15, 2016

(In this case it seems we also have interop, so it's a pretty good candidate for an early draft of HTML 5.2)

@mikewest
Copy link
Member Author

I'm not sure this is something that can be well-addressed via modularity. Secure Contexts does not define the behavior of the noopener link relation: instead, Secure Contexts relies on the behavior that noopener offers in order to explain its behavior in certain classes of navigation, see https://w3c.github.io/webappsec-secure-contexts/#example-30335756 for instance.

noopener's behavior is fairly deeply bound up with navigation and document creation algorithms. See step 4 of https://html.spec.whatwg.org/#following-hyperlinks-2 and step 13 of https://html.spec.whatwg.org/#dom-open (as well as the related changes around https://html.spec.whatwg.org/#disowned-its-opener).

Looking at Secure Contexts, again, however, I don't think we need noopener ported before we can advance. We only use it in an example; the normative work is done by checking a document's browsing context's opener browsing context which should be similar enough between the WHATWG and W3C documents.

@mikewest mikewest mentioned this issue Jul 19, 2016
Closed
@travisleithead travisleithead self-assigned this Jul 19, 2016
@mikewest
Copy link
Member Author

mikewest commented Oct 7, 2016

This is something that Secure Contexts doesn't rely on in a normative way, but certainly relies on in principle.

/cc @adanilo @hillbrad

@travisleithead travisleithead added this to the HTML 5.2 WD 3 milestone Oct 24, 2016
@LJWatson LJWatson modified the milestones: HTML 5.2 WD 4, HTML 5.2 WD 3 Jan 10, 2017
@travisleithead travisleithead mentioned this issue Feb 17, 2017
Merged
arronei pushed a commit that referenced this issue Feb 17, 2017
@travisleithead @arronei
Fix #523: port noopener (#800)
318147e
W3C-HTML-Bot pushed a commit that referenced this issue Feb 17, 2017
Built by Travis-CI: 318147e Fix #523: port noopener (#800)
0650401
arronei pushed a commit to arronei/html that referenced this issue Apr 17, 2017
@travisleithead @arronei
Fix w3c#523: port noopener (w3c#800)
57a30a2
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@travisleithead travisleithead

Labels
security WHATWG Port
Projects
None yet
Milestone
HTML 5.2 WD 5
Development

No branches or pull requests
4 participants
@mikewest @travisleithead @LJWatson @chaals