From af22fbd7a33a76952aa592b7817e62c9372e7926 Mon Sep 17 00:00:00 2001
From: Anne van Kesteren
Date: Fri, 1 Feb 2019 15:17:09 +0100
Subject: [PATCH 1/2] Support

In particular to enable noopener, noreferrer, and opener values. Also default target=_blank to noopener.

Tests: ...

Fixes #2983.
---
 source | 243 +++++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 158 insertions(+), 85 deletions(-)

diff --git a/source b/source
index b6ba5aaa029..e3a04aa8dc5 100644
--- a/source
+++ b/source
@@ -22530,10 +22530,10 @@ document.body.appendChild(wbr);

Introduction

-

Links are a conceptual construct, created by a, area, and - link elements, that represent a connection between - two resources, one of which is the current Document. There are two kinds of links in - HTML:

+

Links are a conceptual construct, created by a, area, + form, and link elements, that represent + a connection between two resources, one of which is the current Document. There are + two kinds of links in HTML:

@@ -22571,6 +22571,13 @@ document.body.appendChild(wbr); beyond linking the element's node document to the resource given by the element's href attribute.

+

Similarly, for form elements with a rel + attribute, links must be created for the keywords of the rel + attribute as defined for those keywords in the link types section. + form elements that do not have a rel attribute, + or whose rel attribute has no keywords that are defined as + specifying hyperlinks, must also create a hyperlink. +

A hyperlink can have one or more hyperlink annotations that modify the processing semantics of that hyperlink.
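Review bot: The added paragraph for form elements never says which resource the form's hyperlink points to. It requires that a form with no rel attribute, or with no hyperlink-creating keywords, "must also create a hyperlink", while the context line just above it ties a link to "the resource given by the element's href attribute". Suggest naming the resource for the form case as well, so that annotations such as noopener and noreferrer apply to a defined target.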

@@ -23212,6 +23219,29 @@ document.body.appendChild(wbr); the form element. The exception for a elements is for compatibility with web content.

+

To get an element's noopener, given an a, area, or + form element element and a string target, run these steps:

+ +
    +
  1. Let noopener be false.

  2. + +
  3. +

    Set noopener to true if one of the following is true:

    + +
      +
    • element's link types include the noopener or noreferrer + keyword.
    • + +
    • element's link types do + not include the opener keyword and target is an + ASCII case-insensitive match for "_blank".
    • +
    +
  4. + +
  5. Return noopener.

  6. +
+

When a user follows a hyperlink created by an element subject, optionally with a hyperlink suffix, the user agent must run the following steps:
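Review bot: The precedence between opener and noopener is left implicit in the new "get an element's noopener" steps. The two conditions are given as an unordered "one of the following is true" list, so a rel value that carries both opener and noopener yields true only by inference from the first bullet. Suggest writing the checks as ordered steps that return early, or adding a short note that noopener and noreferrer win over opener. This algorithm is what gives target=_blank its noopener default, so the override order deserves to be stated.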

@@ -23230,20 +23260,9 @@ document.body.appendChild(wbr); targetAttributeValue to the result of getting an element's target given subject.

-
  • -

    Let noopener be true if one of the following is true:

    - -
      -
    • subject's link types include the noreferrer or noopener - keyword.
    • - -
    • subject's link types do - not include the opener keyword and - targetAttributeValue is an ASCII case-insensitive match for "_blank".
    • -
    -
  • +
  • Let noopener be the result of getting + an element's noopener with subject and + targetAttributeValue.

  • Let target and replace be the result of applying the rules for choosing a browsing context given targetAttributeValue, source, and @@ -23646,8 +23665,8 @@ document.body.appendChild(wbr);

    -

    To determine which link types apply to a link, a, or - area element, the element's rel attribute must be To determine which link types apply to a link, a, area, + or form element, the element's rel attribute must be split on ASCII whitespace. The resulting tokens are the keywords for the link types that apply to that element.

    @@ -23683,21 +23702,22 @@ document.body.appendChild(wbr); Link type - Effect on... + Effect on... body-ok Brief description link a and area + form alternate - Hyperlink - Hyperlink + Hyperlink + not allowed · Gives alternate representations of the current document. @@ -23705,15 +23725,15 @@ document.body.appendChild(wbr); canonical Hyperlink - not allowed + not allowed · Gives the preferred URL for the current document. author - Hyperlink - Hyperlink + Hyperlink + not allowed · Gives a link to the author of the current document or article. @@ -23722,6 +23742,7 @@ document.body.appendChild(wbr); bookmark not allowed Hyperlink + not allowed · Gives the permalink for the nearest ancestor section. @@ -23731,7 +23752,7 @@ document.body.appendChild(wbr); dns-prefetch External Resource - not allowed + not allowed Yes Specifies that the user agent should preemptively perform DNS resolution for the target resource's origin. @@ -23741,14 +23762,14 @@ document.body.appendChild(wbr); external not allowed Annotation + not allowed · Indicates that the referenced document is not part of the same site as the current document. help - Hyperlink - Hyperlink + Hyperlink · Provides a link to context-sensitive help. @@ -23756,7 +23777,7 @@ document.body.appendChild(wbr); icon External Resource - not allowed + not allowed · Imports an icon to represent the current document. @@ -23764,7 +23785,7 @@ document.body.appendChild(wbr); modulepreload External Resource - not allowed + not allowed Yes Specifies that the user agent must preemptively fetch the module script and store it in the document's module map for later 
@@ -23773,16 +23794,14 @@ document.body.appendChild(wbr); license - Hyperlink - Hyperlink + Hyperlink · Indicates that the main content of the current document is covered by the copyright license described by the referenced document. next - Hyperlink - Hyperlink + Hyperlink · Indicates that the current document is a part of a series, and that the next document in the series is the referenced document. @@ -23790,7 +23809,7 @@ document.body.appendChild(wbr); nofollow not allowed - Annotation + Annotation · Indicates that the current document's original author or publisher does not endorse the referenced document. @@ -23798,7 +23817,7 @@ document.body.appendChild(wbr); noopener not allowed - Annotation + Annotation · Creates a top-level browsing context that is not an auxiliary browsing context if the hyperlink would create either of those to begin with (i.e., has @@ -23808,7 +23827,7 @@ document.body.appendChild(wbr); noreferrer not allowed - Annotation + Annotation · No `Referer` (sic) header will be included. Additionally, has the same effect as noopener. @@ -23817,7 +23836,7 @@ document.body.appendChild(wbr); opener not allowed - Annotation + Annotation · Creates an auxiliary browsing context if the hyperlink would otherwise create a top-level browsing context that is not an auxiliary browsing @@ -23828,7 +23847,7 @@ document.body.appendChild(wbr); pingback External Resource - not allowed + not allowed Yes Gives the address of the pingback server that handles pingbacks to the current document. @@ -23836,7 +23855,7 @@ document.body.appendChild(wbr); preconnect External Resource - not allowed + not allowed Yes Specifies that the user agent should preemptively connect to the target resource's origin. @@ -23844,7 +23863,7 @@ document.body.appendChild(wbr); prefetch External Resource - not allowed + not allowed Yes Specifies that the user agent should preemptively fetch and cache the target resource as it is likely to be required for a followup navigation. 
@@ -23852,7 +23871,7 @@ document.body.appendChild(wbr); preload External Resource - not allowed + not allowed Yes Specifies that the user agent must preemptively fetch and cache the target resource for current navigation according to the potential destination given by the as attribute (and the priority associated with the corresponding destination). @@ -23860,23 +23879,21 @@ document.body.appendChild(wbr); prerender External Resource - not allowed + not allowed Yes Specifies that the user agent should preemptively fetch the target resource and process it in a way that helps deliver a faster response in the future. prev - Hyperlink - Hyperlink + Hyperlink · Indicates that the current document is a part of a series, and that the previous document in the series is the referenced document. search - Hyperlink - Hyperlink + Hyperlink · Gives a link to a resource that can be used to search through the current document and its related pages. @@ -23884,7 +23901,7 @@ document.body.appendChild(wbr); stylesheet External Resource - not allowed + not allowed Yes Imports a style sheet. @@ -23893,6 +23910,7 @@ document.body.appendChild(wbr); tag not allowed Hyperlink + not allowed · Gives a tag (identified by the given address) that applies to the current document. @@ -23900,11 +23918,6 @@ document.body.appendChild(wbr); - -
    Link type "alternate"
    @@ -24039,7 +24052,6 @@ document.body.appendChild(wbr);
  • -
    Link type "author"

    The author keyword may be used with link, @@ -24150,11 +24162,12 @@ document.body.appendChild(wbr);

    Link type "help"

    The help keyword may be used with link, - a, and area elements. This keyword creates a hyperlink.

    + a, area, and form elements. This keyword creates a + hyperlink.

    -

    For a and area elements, the help - keyword indicates that the referenced document provides further help information for the parent of - the element defining the hyperlink, and its children.

    +

    For a, area, and form elements, the help keyword indicates that the referenced document provides further help + information for the parent of the element defining the hyperlink, and its children.

    @@ -24323,7 +24336,8 @@ document.body.appendChild(wbr);
    Link type "license"

    The license keyword may be used with link, - a, and area elements. This keyword creates a hyperlink.

    + a, area, and form elements. This keyword creates a + hyperlink.

    The license keyword indicates that the referenced document provides the copyright license terms under which the main content of the current document is @@ -24556,10 +24570,10 @@ document.body.appendChild(wbr);

    Link type "nofollow"
    -

    The nofollow keyword may be used with a and - area elements. This keyword does not create a hyperlink, but annotates any other hyperlinks created by the element (the - implied hyperlink, if no other keywords create one).

    +

    The nofollow keyword may be used with a, + area, and form elements. This keyword does not create a + hyperlink, but annotates any other + hyperlinks created by the element (the implied hyperlink, if no other keywords create one).

    The nofollow keyword indicates that the link is not endorsed by the original author or publisher of the page, or that the link to the referenced document was @@ -24569,10 +24583,10 @@ document.body.appendChild(wbr);

    Link type "noopener"
    -

    The noopener keyword may be used with a and - area elements. This keyword does not create a hyperlink, but annotates any other hyperlinks created by the element (the - implied hyperlink, if no other keywords create one).

    +

    The noopener keyword may be used with a, + area, and form elements. This keyword does not create a + hyperlink, but annotates any other + hyperlinks created by the element (the implied hyperlink, if no other keywords create one).

    The keyword indicates that any newly created top-level browsing context which results from following the hyperlink will not be an auxiliary browsing @@ -24604,10 +24618,10 @@ document.body.appendChild(wbr);

    Link type "noreferrer"
    -

    The noreferrer keyword may be used with a and - area elements. This keyword does not create a hyperlink, but annotates any other hyperlinks created by the element (the - implied hyperlink, if no other keywords create one).

    +

    The noreferrer keyword may be used with a, + area, and form elements. This keyword does not create a + hyperlink, but annotates any other + hyperlinks created by the element (the implied hyperlink, if no other keywords create one).

    It indicates that no referrer information is to be leaked when following the link.

    @@ -24630,10 +24644,10 @@ document.body.appendChild(wbr);
    Link type "opener"
    -

    The opener keyword may be used with a and - area elements. This keyword does not create a hyperlink, but annotates any other hyperlinks created by the element (the - implied hyperlink, if no other keywords create one).

    +

    The opener keyword may be used with a, + area, and form elements. This keyword does not create a + hyperlink, but annotates any other + hyperlinks created by the element (the implied hyperlink, if no other keywords create one).

    The keyword indicates that any newly created top-level browsing context which results from following the hyperlink will be an auxiliary browsing @@ -24739,7 +24753,8 @@ document.body.appendChild(wbr);

    Link type "search"

    The search keyword may be used with link, - a, and area elements. This keyword creates a hyperlink.

    + a, area, and form elements. This keyword creates a + hyperlink.

    The search keyword indicates that the referenced document provides an interface specifically for searching the document and its related resources.

    @@ -24748,7 +24763,7 @@ document.body.appendChild(wbr); the search link type to enable user agents to autodiscover search interfaces.

    - +
    Link type "stylesheet"

    The stylesheet keyword may be used with link @@ -24972,7 +24987,6 @@ document.body.appendChild(wbr);

    -
    Link type "tag"
    @@ -25061,7 +25075,8 @@ document.body.appendChild(wbr);
    Link type "next"

    The next keyword may be used with link, - a, and area elements. This keyword creates a hyperlink.

    + a, area, and form elements. This keyword creates a + hyperlink.

    The next keyword indicates that the document is part of a sequence, and that the link is leading to the document that is the next logical document in the @@ -25082,7 +25097,8 @@ document.body.appendChild(wbr);

    Link type "prev"

    The prev keyword may be used with link, - a, and area elements. This keyword creates a hyperlink.

    + a, area, and form elements. This keyword creates a + hyperlink.

    The prev keyword indicates that the document is part of a sequence, and that the link is leading to the document that is the previous logical document in @@ -25181,6 +25197,30 @@ document.body.appendChild(wbr); +

    Effect on... form
    +
    +

    One of the following:

    + +
    +
    Not allowed
    +
    The keyword must not be specified on form elements.
    + +
    Hyperlink
    +
    The keyword may be specified on form elements; it creates a + hyperlink.
    + +
    External Resource
    +
    The keyword may be specified on form elements; it creates an external + resource link.
    + +
    Hyperlink Annotation
    +
    The keyword may be specified on form elements; it annotates other hyperlinks created by the + element.
    +
    +
    + +
    Brief description

    A short non-normative description of what the keyword's meaning is.

    @@ -43037,6 +43077,7 @@ interface HTMLTableCellElement : HTMLElement {
    name
    novalidate
    target
    +
    rel
    DOM interface:
    [Exposed=Window,
    @@ -43053,6 +43094,8 @@ interface HTMLFormElement : HTMLElement {
       [CEReactions] attribute DOMString name;
       [CEReactions] attribute boolean noValidate;
       [CEReactions] attribute DOMString target;
    +  [CEReactions] attribute DOMString rel;
    +  [SameObject, PutForwards=value] readonly attribute DOMTokenList relList;
     
       [SameObject] readonly attribute HTMLFormControlsCollection elements;
       readonly attribute unsigned long length;
    @@ -43104,6 +43147,20 @@ interface HTMLFormElement : HTMLElement {
       and target attributes are attributes for form
       submission.

    +

    The rel attribute on form elements + controls what kinds of links the elements create. The attribute's value must be a unordered + set of unique space-separated tokens. The allowed keywords and their + meanings are defined in an earlier section.

    + +

    rel's supported + tokens are the keywords defined in HTML link types which are + allowed on form elements, impact the processing model, and are supported by the user + agent. The possible supported tokens are noreferrer, noopener, and opener. rel's supported tokens must only include the tokens from this + list that the user agent implements the processing model for.

    +
    form . elements
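Review bot: Grammar in the added rel paragraph: "must be a unordered set of unique space-separated tokens" should read "an unordered set".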
    @@ -43192,13 +43249,17 @@ interface HTMLFormElement : HTMLElement { reflect the content attribute of the same name, limited to only known values.

    -

    The name IDL attribute must reflect - the content attribute of the same name.

    +

    The name and rel IDL attributes must reflect the content + attribute of the same name.

    The acceptCharset IDL attribute must reflect the accept-charset content attribute.

    +

    The relList IDL attribute must + reflect the rel content attribute.

    +

    The elements IDL attribute must return an @@ -56078,9 +56139,12 @@ fur be the result of getting an element's target given submitter's form owner.

    +
  • Let noopener be the result of getting + an element's noopener with form and targetAttributeValue.

  • +
  • Let target browsing context and replace be the result of applying - the rules for choosing a browsing context using target and form - browsing context.

  • + the rules for choosing a browsing context using target, form + browsing context, and noopener.

  • If target browsing context is null, then return.
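Review bot: The added noopener step passes targetAttributeValue, but the step directly after it (both before and after this change) passes target to the rules for choosing a browsing context, and nothing in the visible lines of this algorithm defines targetAttributeValue. That name comes from the "follows a hyperlink" steps. Please check which variable the preceding "getting an element's target" step assigns here and use it in both places, so the _blank check in "get an element's noopener" sees the same value that selects the browsing context.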

  • @@ -56142,6 +56206,14 @@ fur user agent is required to plan to navigate to a particular resource destination, it must run the following steps:

      +
    1. If destination is not a request, then + set destination to a new request whose URL is destination.

    2. + +
    3. If the form element's link types include the noreferrer keyword, then set destination's referrer to "no-referrer".

    4. If the form has a non-null planned navigation, remove it from its task queue.
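Review bot: The first added step reuses destination for two types. After "If destination is not a request, then set destination to a new request whose URL is destination", readers of the later steps cannot tell whether destination is a URL or a request. Suggest a separate variable for the request, or a note that destination is a request from this step on, and applying the noreferrer step to that. The second added step also says "the form element" where the next context step says "the form"; pick one wording.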

    5. @@ -122653,6 +122725,7 @@ INSERT INTERFACES HERE Olivia (Xiaoni) Lai, Olivier Gendrin, Olli Pettay, + Ondřej Žára, Ori Avtalion, oSand, Pablo Flouret, From d6b55791a670cdb25a77eee709da65edb743b0cd Mon Sep 17 00:00:00 2001 From: Anne van Kesteren Date: Mon, 11 Feb 2019 16:38:23 +0100 Subject: [PATCH 2/2] address feedback --- source | 41 +++++++++++++++++------------------------ 1 file changed, 17 insertions(+), 24 deletions(-) diff --git a/source b/source index e3a04aa8dc5..0821bd2d31a 100644 --- a/source +++ b/source @@ -23223,23 +23223,16 @@ document.body.appendChild(wbr);
    form element element and a string target, run these steps:

      -
    1. Let noopener be false.

    2. - -
    3. -

      Set noopener to true if one of the following is true:

      +
    4. If element's link types include the noopener or noreferrer + keyword, then return true.

    5. -
        -
      • element's link types include the noopener or noreferrer - keyword.
      • - -
      • element's link types do - not include the opener keyword and target is an - ASCII case-insensitive match for "_blank".
      • -
      - +
    6. If element's link types + do not include the opener keyword and target is an + ASCII case-insensitive match for "_blank", then return + true.

    7. -
    8. Return noopener.

    9. +
    10. Return false.

    When a user follows a hyperlink created by an element @@ -23761,8 +23754,7 @@ document.body.appendChild(wbr); external not allowed - Annotation - not allowed + Annotation · Indicates that the referenced document is not part of the same site as the current document. @@ -24150,10 +24142,10 @@ document.body.appendChild(wbr);

    Link type "external"
    -

    The external keyword may be used with a and - area elements. This keyword does not create a hyperlink, but annotates any other hyperlinks created by the element (the - implied hyperlink, if no other keywords create one).

    +

    The external keyword may be used with a, + area, and form elements. This keyword does not create a + hyperlink, but annotates any other + hyperlinks created by the element (the implied hyperlink, if no other keywords create one).

    The external keyword indicates that the link is leading to a document that is not part of the site that the current document forms a part of.

    @@ -43111,9 +43103,10 @@ interface HTMLFormElement : HTMLElement {
    Uses HTMLFormElement.
    -

    The form element represents a collection of form-associated elements, some of which can represent - editable values that can be submitted to a server for processing.

    +

    The form element represents a hyperlink that can be + manipulated through a collection of form-associated + elements, some of which can represent editable values that can be submitted to a server for + processing.

    The accept-charset attribute gives the character encodings that are to be used for the submission. If specified, the value must be an
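Review bot: The replacement sentence changes what a form represents, from "a collection of form-associated elements" to "a hyperlink that can be manipulated through a collection of form-associated elements", and that definitional change arrives in a commit whose subject is only "address feedback". Suggest recording the reason in the commit message, since it is the counterpart of adding form to the link-creating elements in the first patch's Introduction hunk.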