Make target=_blank on a/area elements imply rel=noopener by default
Categories
(Core :: DOM: Core & HTML, enhancement, P2)
Tracking
()
People
(Reporter: annevk, Assigned: baku)
References
(Blocks 1 open bug, Regressed 1 open bug)
Details
(Keywords: dev-doc-complete, site-compat)
Attachments
(2 files)
We wanted to wait an additional cycle when we added this in 65. Nightly is now at 66, so it seems we can enable this by default as there's been nothing thus far in terms of fallout?
Reporter | ||
Updated•6 years ago
|
Assignee | ||
Comment 1•6 years ago
|
||
Comment 2•6 years ago
|
||
Comment on attachment 9038500 [details] [diff] [review] noreferrer.patch Review of attachment 9038500 [details] [diff] [review]: ----------------------------------------------------------------- It's too late to land this for 66 a we're in the soft freeze, but you can try to land it in the 67 cycle. It is a good time to send an intent to ship and wait for the next uplift while people make their comments on dev-platform. :-)
Comment 3•6 years ago
|
||
BTW I really would have preferred if we had shipped this and bug 1509346 together. I r+ed this in the interest of not having the perfect be the enemy of the good...
Updated•6 years ago
|
Pushed by amarchesini@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/ebf9f694b72d Enable noopener by default for area and anchor elements with target=_blank and no rel attribute set, r=ehsan
Comment 5•6 years ago
|
||
bugherder |
Updated•6 years ago
|
Comment 6•6 years ago
|
||
Discussed with Ehsan and considering bug 1531289's fix touches a lot of page loading and can potentially cause a lot of regressions, it is a safer bet to let this ride on with 68 nightly (along with the fix for bug 1531289) but disable the pref in beta.
Baku, can you please backout the enabling of noopener by default for 67 beta?
Comment 8•6 years ago
|
||
[Tracking Requested - why for this release]:
This was backed out in bug 1546415. We should enable this pref in 68 and also fix bug 1531289 in 68.
Comment 9•6 years ago
|
||
comment 6 sounds rather scary about landing bug 1531289 late... either way I'm not sure I need to track this for 68.
Comment 10•5 years ago
|
||
What are the odds of this landing for Firefox 68? It seems pretty unlikely at this point, but I need to try to be sure, since it's currently scheduled to be documented for 68.
Comment 11•5 years ago
|
||
(In reply to Eric Shepherd [:sheppy] from comment #10)
What are the odds of this landing for Firefox 68? It seems pretty unlikely at this point, but I need to try to be sure, since it's currently scheduled to be documented for 68.
Sorry, this is my fault it's dropped off. There is still a test failure with the current patch.
Updated•5 years ago
|
Assignee | ||
Comment 12•5 years ago
|
||
I confirm that this is not going to be enabled for 68. We don't need to have it documented for 68.
Assignee | ||
Comment 13•5 years ago
|
||
Comment 16•4 years ago
|
||
Pushed by amarchesini@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/166d1d815d33 Enable noopener by default for area and anchor elements with target=_blank and no rel attribute set, r=ckerschb
Comment 17•4 years ago
|
||
bugherder |
Comment 18•4 years ago
|
||
Posted a site compatibility note for the change.
Reporter | ||
Updated•4 years ago
|
Comment 19•4 years ago
|
||
I've documented this on MDN; see https://github.com/mdn/sprints/issues/3416#issuecomment-653106688 for the full details.
Updated•4 years ago
|
Description
•