Contact emails: yoavwe...@chromium.org

Explainer: https://gist.github.com/yoavweiss/c7b61e97e6f8d207be619f87ab96ead5

Specification: https://github.com/whatwg/html/pull/10394

Summary

Some origins can contain different applications with different levels of
security requirements. In those cases, it can be beneficial to prevent
scripts running in one application from being able to open and script pages
of another same-origin application. It can then be beneficial for a document
to ensure its opener cannot script it, even if the opener document is a
same-origin one. The `noopener-allow-popups` Cross-Origin-Opener-Policy
value will allow documents to define that.


Blink component: Blink
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink>

TAG review: https://github.com/w3ctag/design-reviews/issues/964

TAG review status: Pending

Risks


Interoperability and Compatibility

Compatibility risk: As this feature adds a new COOP value, it doesn't run a
risk of colliding with existing values. Where we may see some risk is when
developers start using this value in ways that would surprise other teams
on their origins (as they would no longer have scripting access to opened
documents). I don't expect that to happen often, and if it did, it's
something that developers would find out at development time. So I don't
expect that to impact users.

Interoperability risk: Too early to tell, as the positions/PR were just
filed.


*Gecko*: No signal (https://github.com/mozilla/standards-positions/issues/1037)

*WebKit*: No signal (https://github.com/WebKit/standards-positions/issues/360)

*Web developers*: No signals

*Other signals*:

Security

None: https://gist.github.com/yoavweiss/3cb7283f56717f6dfe6da05009a27a65


WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that
it has potentially high risk for Android WebView-based applications?

None


Goals for experimentation



Ongoing technical constraints

None


Debuggability

None


Will this feature be supported on all six Blink platforms (Windows, Mac,
Linux, ChromeOS, Android, and Android WebView)? Yes

Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?

It will be:
https://chromium-review.googlesource.com/c/chromium/src/+/5581251/8/third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/coop-noopener-allow-popups.https.html


Flag name on chrome://flags: None

Finch feature name: None

Non-finch justification: None

Requires code in //chrome? False

Tracking bug: https://issues.chromium.org/issues/344963946

Estimated milestones

No milestones specified


Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5163293877731328

This intent message was generated by Chrome Platform Status
<https://chromestatus.com/>.
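
Added example, not part of the original intent message or of Chromium's code: one way an origin hosting several applications could send the `noopener-allow-popups` value described in the Summary only on its sensitive application's paths, and audit that no sensitive response is missing it. The `/admin/` prefix, the function names and the sample responses are constructed for illustration.

```javascript
// Added example. Only the header name and the value "noopener-allow-popups"
// come from the page; prefixes, names and sample data are constructed.
const COOP_HEADER = "Cross-Origin-Opener-Policy";
const COOP_VALUE = "noopener-allow-popups";
const SENSITIVE_PREFIXES = ["/admin/"]; // hypothetical high-security application

// Normalise the request target first so "/forum/../admin/" is classified by
// the path that is served (assumes the router normalises the same way).
function normalisedPath(rawTarget) {
  return new URL(rawTarget, "https://origin.invalid").pathname;
}

function isSensitive(rawTarget) {
  const path = normalisedPath(rawTarget);
  return SENSITIVE_PREFIXES.some((prefix) => path.startsWith(prefix));
}

// Call before writing the response; `res` needs only setHeader(name, value).
function applyCoop(rawTarget, res) {
  if (isSensitive(rawTarget)) res.setHeader(COOP_HEADER, COOP_VALUE);
}

// The header is a token optionally followed by ";"-separated parameters,
// so compare only the token, case-sensitively.
function coopToken(headerValue) {
  if (typeof headerValue !== "string") return null;
  return headerValue.split(";")[0].trim() || null;
}

// Returns the sensitive request targets whose response lacks the value.
function auditResponses(responses) {
  return responses
    .filter((r) => isSensitive(r.target))
    .filter((r) => coopToken(r.headers[COOP_HEADER.toLowerCase()]) !== COOP_VALUE)
    .map((r) => r.target);
}

// Constructed sample responses (header names lower-cased, as Node reports them).
const SAMPLE = [
  { target: "/forum/thread/1", headers: {} },
  { target: "/admin/users", headers: { "cross-origin-opener-policy": "noopener-allow-popups" } },
  { target: "/admin/keys", headers: { "cross-origin-opener-policy": "same-origin-allow-popups" } },
  { target: "/forum/../admin/audit", headers: {} },
];
```

`auditResponses(SAMPLE)` flags `/admin/keys`, which sends a different COOP value, and `/forum/../admin/audit`, which resolves into the sensitive application but carries no header.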
