On Wed, Nov 21, 2018 at 11:55 PM Boris Zbarsky <bzbar...@mit.edu> wrote:

> On 11/21/18 11:50 PM, Ehsan Akhgari wrote:
> > Would it be OK if the answer to that question be "use window.open()"?
> Can one do noreferrer with window.open()?

Yes, by passing 'noopener' in the features argument:

> Also, if your thing doing the navigation is a <form>, not <a>, then
> window.open is pretty hard to use for that.  Then again, <form
> target="_blank"> is not that common...

That's true, this wouldn't cover the form submission use case.

Which reminds me, it's impossible to block opener reference creation upon
form submission right now as far as I can tell.  This is actually a bug in
the spec.  <
calls into "rules for choosing a browsing context" passing only two
arguments, omitting the third one (noopener) <

I wonder if it makes sense to make a similar change here, to make <form
target="_blank"> imply noopener behaviour and then if that proves to be Web
compatible, propose to change the spec to pass false there?

dev-platform mailing list

Reply via email to