Bug 1521542 Comment 0 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Original comment by

Anne (:annevk)

on 2019-01-21 07:41:50 PST

index.html:

<iframe srcdoc="<a href=popup.html target=test rel=noreferrer>Open a popup?</a>" sandbox="allow-popups"></iframe>

popup.html:

<script> document.write("Origin: " + self.origin + "<br>Name" + self.name); </script>


I think ideally we'd ignore rel="noreferrer noopener" and create an auxiliary browsing context. Supporting non-auxiliary browsing contexts with inherited states seems like complexity that's better avoided, but perhaps there are some implications I haven't thought through.

Revision 1 by

Anne (:annevk)

on 2019-01-21 07:50:21 PST

index.html:
```html
<iframe srcdoc="<a href=popup.html target=test rel=noreferrer>Open a popup?</a>" sandbox="allow-popups"></iframe>
```

popup.html:
```html
<script> document.write("Origin: " + self.origin + "<br>Name" + self.name); </script>
```

I think ideally we'd ignore rel="noreferrer noopener" and create an auxiliary browsing context. Supporting non-auxiliary browsing contexts with inherited states seems like complexity that's better avoided, but perhaps there are some implications I haven't thought through.

Revision 2 by

Anne (:annevk)

on 2019-01-21 08:04:09 PST

index.html:
```html
<iframe srcdoc="<a href=popup.html target=test rel=noreferrer>Open a popup?</a>" sandbox="allow-popups"></iframe>
```

popup.html:
```html
<script> document.write("Origin: " + self.origin + "<br>Name:" + self.name); </script>
```

I think ideally we'd ignore rel="noreferrer noopener" and create an auxiliary browsing context. Supporting non-auxiliary browsing contexts with inherited states seems like complexity that's better avoided, but perhaps there are some implications I haven't thought through.

Back to Bug 1521542 Comment 0