On Mon, Jan 5, 2015 at 11:17 PM, Nicholas C. Zakas <standa...@nczconsulting.com> wrote: > So my question is: is the spec incorrect in that it should reflect reality? > Or are browsers incorrect and we should be hounding them to fix this > behavior?
It depends on compatibility. It seems the Chrome team planned on measuring that, but ended up not doing it? Note that sites can use rel=noreferrer to disable window.opener. Perhaps there should be some CSP or sandbox directive to disable it as well. -- https://annevankesteren.nl/