Summary: The idea is to be able to write

<a target="_blank" rel="noopener" href="someone-I-don't-trust">Go there</a>

and not have "someone-I-don't-trust" be able to get hold of your window via window.opener.

This is already possible with rel="noreferrer", but that also prevents sending a referrer, which is undesirable in cases like search engine result pages.

Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1267339

Link to standard: https://html.spec.whatwg.org/#following-hyperlinks-2 step 4.

Platform coverage: all platforms.

Estimated or target release: Firefox 48 or 49 depending on how long this discussion and reviews take.

Preference behind which this will be implemented: None.

Support in other engines: Supported in Blink.  Not sure about others.

Possible issues:

1) This is not feature-detectible, as far as I can see. So it's not clear to me that sites will know they can use this, short of relying on browser sniffing.

2) Unlike Blink we are _not_ implementing the window.open feature yet. That's tracked in <https://bugzilla.mozilla.org/show_bug.cgi?id=1267339>. This is either mitigated or exacerbated by issue #1, depending on how you want to look at it....

-Boris
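
An added example, not part of the original post: a small audit that scans markup for links leaving the current browsing context and reports whether each one relies on rel="noopener", on rel="noreferrer" (which also drops the referrer), or leaves window.opener reachable. The function names, status strings and sample URLs are assumptions made for illustration.

```javascript
// Added example: audit markup for links that may open a new browsing
// context and leave window.opener reachable by the destination page.
// Regex-based scan for linting templates; not a full HTML parser, ignores <base target>.

const START_TAG = /<(?:a|area)\b(?:"[^"]*"|'[^']*'|[^'">])*>/gi;
const ATTRIBUTE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
const SAME_CONTEXT_TARGETS = new Set(["", "_self", "_parent", "_top"]);

// Parse one start tag into a Map of lowercase attribute names to values.
function parseAttributes(tag) {
  const attrs = new Map();
  const body = tag.replace(/^<\s*[a-z]+/i, "").replace(/\/?>$/, "");
  for (const m of body.matchAll(ATTRIBUTE)) {
    const name = m[1].toLowerCase();
    // HTML keeps the first occurrence of a duplicated attribute.
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? "");
  }
  return attrs;
}

// Classify a link by what the destination learns about the opener.
function classifyLink(attrs) {
  const target = (attrs.get("target") ?? "").trim().toLowerCase();
  if (SAME_CONTEXT_TARGETS.has(target)) return "same-context";
  const rel = new Set((attrs.get("rel") ?? "").toLowerCase().split(/\s+/).filter(Boolean));
  if (rel.has("noreferrer")) return "no-opener-no-referrer";
  if (rel.has("noopener")) return "no-opener";
  return "opener-exposed";
}

// Return every link that may leave its browsing context, with its status.
function auditLinks(html) {
  return [...html.matchAll(START_TAG)]
    .map((m) => parseAttributes(m[0]))
    .map((attrs) => ({ href: attrs.get("href") ?? "", status: classifyLink(attrs) }))
    .filter((link) => link.status !== "same-context");
}

// Constructed sample markup; the first link is the one from the post.
const SAMPLE = `
<a target="_blank" rel="noopener" href="someone-I-don't-trust">Go there</a>
<a target="_blank" href="https://untrusted.example/a">exposed</a>
<a target=_blank rel="nofollow NoReferrer" href='https://untrusted.example/b'>no referrer</a>
<a href="https://untrusted.example/c" rel="nofollow">same tab</a>
<a target="results" rel="nofollow" href="https://untrusted.example/d">named target</a>
`;

console.table(auditLinks(SAMPLE));
```

Links reported as "opener-exposed" are the ones to fix; "no-opener-no-referrer" marks links that are protected only at the cost of the referrer.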