Consider not setting browsing context name when noopener/noreferrer are used #4314
Labels
security/privacy
There are security or privacy implications
topic: browsing context
topic: navigation
Comments
annevk
added
topic: navigation
security/privacy
|
Per #1826 this isn't really web-compatible as name-lookup has to happen first for noreferrer at least and we might as well keep noopener consistent with that. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Basically with noopener/noreferrer a document is proclaiming not to want anything to do with some other document, but can still set some state for that other document. (This is also true with sandboxing flags, but that's a much more understandable case.)
Mozilla is somewhat interested in not propagating name here (
testin the example above).Would others be interested in following that?
cc @cdumez @rniwa @mikewest @mystor
The text was updated successfully, but these errors were encountered: