This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 19893 - document.referrer should be based on the script entry point
Summary: document.referrer should be based on the script entry point
Status: RESOLVED DUPLICATE of bug 19662
Alias: None
Product: WHATWG
Classification: Unclassified
Component: HTML (show other bugs)
Version: unspecified
Hardware: All All
: P2 normal
Target Milestone: Unsorted
Assignee: Ian 'Hixie' Hickson
QA Contact: contributor
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-11-07 18:42 UTC by Bobby Holley (:bholley)
Modified: 2013-03-25 23:22 UTC (History)
4 users (show)

See Also:

Attachments

Description Bobby Holley (:bholley) 2012-11-07 18:42:28 UTC 
See [1] for discussion, and [2] for the corresponding Gecko bug.

[1] http://lists.w3.org/Archives/Public/public-script-coord/2012OctDec/0014.html 
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=809290
Comment 1 Ian 'Hixie' Hickson 2013-02-04 23:52:42 UTC 
Bobby, can you confirm that your desire is for the answer in the example in the following e-mail to change from "B" (the calling script) to "A" (the entry script)?

http://lists.w3.org/Archives/Public/public-script-coord/2012OctDec/0071.html

If so, this is probably a duplicate of bug 19662.

Do you have an opinion on the issue in this e-mail?:

http://lists.w3.org/Archives/Public/public-script-coord/2012OctDec/0079.html
Comment 2 Bobby Holley (:bholley) 2013-02-05 10:25:35 UTC 
(In reply to comment #1)
> Bobby, can you confirm that your desire is for the answer in the example in
> the following e-mail to change from "B" (the calling script) to "A" (the
> entry script)?
> 
> http://lists.w3.org/Archives/Public/public-script-coord/2012OctDec/0071.html

Correct.

> Do you have an opinion on the issue in this e-mail?:
> 
> http://lists.w3.org/Archives/Public/public-script-coord/2012OctDec/0079.html

With our current architecture, it actually makes much more sense for us to keep using the sandbox flags of the source browsing context in determining whether script from one Window may navigate another.

The reason for this apparent inconsistency has to do with when the relevant checks happen. For document.referrer, we need to compute the referrer once the load is already well underway, where determining the source browsing context involves stack introspection. Conversely, we enforce (or will soon enforce in mozillabug 785310) navigation invariants at property access time. So in this case, we want to be able to statically compute whether Window A can navigate Window B, which doesn't work if we need to base that decision on the script entry point.

So I'd be in favor of continuing to use the sandbox flags from the source browsing context. Does that make things unmanageably ugly on the spec end?
Comment 3 Ian 'Hixie' Hickson 2013-03-25 23:22:11 UTC 
Ok I'm marking this as a dupe of bug 19662, since it looks like that will resolve all the issues here (and bug 19662 comment 12 supersedes this bug's comment 2's final paragraph). Please don't hesitate to reopen if I'm wrong in any way here.

*** This bug has been marked as a duplicate of bug 19662 ***