This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
This proposal is an attempt to resolve the window.opener.location.href issue with cross-origin (and same-origin UGC?) navigations when target="_blank". This issue has been discussed previously[1] and a bug[2] in chromium has existed since 2013. Besides using "rel=noreferrer" or setting window.opener=null via javascript there appears no clean solution to this problem. I propose that a new rel=newcontext attribute be added which can be used to inform user agents that the navigation should be done in a new browsing context and, as a result, window.opener should be set to null. Many publishers wish to allow a referrer to be sent and the Referrer Policy[3] is moving towards a spec where there is more granular control over the document-level and even the link-level value of Referer (sic). Many sites wish to send the origin, for instance, and in these cases they cannot use "rel=noreferrer". This leaves them only Javascript to deal with this issue. I think there should be a way to do this via HTML only. Here is a quick summary and demo of the issue[4]. I've prepared a PR to the spec here[5]. [1] https://lists.w3.org/Archives/Public/public-whatwg-archive/2015Jan/0002.html [2] https://code.google.com/p/chromium/issues/detail?id=168988 [3] http://w3c.github.io/webappsec/specs/referrer-policy/ [4] http://hardstatics.com/thrower.html [5] https://github.com/w3c/html/pull/22
Sorry for getting back to you so late. Our GitHub repository is actually here: https://github.com/whatwg/html. Are there any browsers interested in implementing your proposal that you know?
https://github.com/whatwg/html/pull/290