Closed Bug 1522083 Opened 2 years ago Closed 1 month ago

Make target=_blank on a/area elements imply rel=noopener by default

Categories

(Core :: DOM: Core & HTML, enhancement, P2)

enhancement

Tracking

()

RESOLVED FIXED
mozilla79
Tracking Status
firefox67 --- disabled
firefox68 - wontfix
firefox79 --- fixed

People

(Reporter: annevk, Assigned: baku)

References

Details

(Keywords: dev-doc-complete, site-compat)

Attachments

(2 files)

We wanted to wait an additional cycle when we added this in 65. Nightly is now at 66, so it seems we can enable this by default as there's been nothing thus far in terms of fallout?

Flags: needinfo?(amarchesini)
Attached patch noreferrer.patchSplinter Review
Flags: needinfo?(amarchesini)
Attachment #9038500 - Flags: review?(ehsan)
Comment on attachment 9038500 [details] [diff] [review]
noreferrer.patch

Review of attachment 9038500 [details] [diff] [review]:
-----------------------------------------------------------------

It's too late to land this for 66 a we're in the soft freeze, but you can try to land it in the 67 cycle.  It is a good time to send an intent to ship and wait for the next uplift while people make their comments on dev-platform.  :-)
Attachment #9038500 - Flags: review?(ehsan) → review+

BTW I really would have preferred if we had shipped this and bug 1509346 together. I r+ed this in the interest of not having the perfect be the enemy of the good...

Priority: -- → P2
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/ebf9f694b72d
Enable noopener by default for area and anchor elements with target=_blank and no rel attribute set, r=ehsan
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla67
Component: DOM → DOM: Core & HTML
Depends on: 1531289

Discussed with Ehsan and considering bug 1531289's fix touches a lot of page loading and can potentially cause a lot of regressions, it is a safer bet to let this ride on with 68 nightly (along with the fix for bug 1531289) but disable the pref in beta.

Baku, can you please backout the enabling of noopener by default for 67 beta?

Status: RESOLVED → REOPENED
Flags: needinfo?(amarchesini)
Resolution: FIXED → ---
Blocks: 1546415
Flags: needinfo?(amarchesini)

[Tracking Requested - why for this release]:
This was backed out in bug 1546415. We should enable this pref in 68 and also fix bug 1531289 in 68.

comment 6 sounds rather scary about landing bug 1531289 late... either way I'm not sure I need to track this for 68.

What are the odds of this landing for Firefox 68? It seems pretty unlikely at this point, but I need to try to be sure, since it's currently scheduled to be documented for 68.

Flags: needinfo?(amarchesini)

(In reply to Eric Shepherd [:sheppy] from comment #10)

What are the odds of this landing for Firefox 68? It seems pretty unlikely at this point, but I need to try to be sure, since it's currently scheduled to be documented for 68.

Sorry, this is my fault it's dropped off. There is still a test failure with the current patch.

I confirm that this is not going to be enabled for 68. We don't need to have it documented for 68.

Flags: needinfo?(amarchesini)
Depends on: 1536385
No longer depends on: 1536385
Regressions: 1591302
See Also: → 1570889
Depends on: 1353466

:baku, what blocks relanding this?

Flags: needinfo?(amarchesini)

Finally nothing. Let's land it!

Flags: needinfo?(amarchesini)
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/166d1d815d33
Enable noopener by default for area and anchor elements with target=_blank and no rel attribute set, r=ckerschb
Status: REOPENED → RESOLVED
Closed: 2 years ago1 month ago
Resolution: --- → FIXED

Posted a site compatibility note for the change.

Target Milestone: mozilla67 → mozilla79
You need to log in before you can comment on or make changes to this bug.