Fix #313: make disowning nullify the opener browsing context

With this change, whenever an auxiliary browsing context is disowned, whether through setting window.opener to null, through using the rel=noreferrer and rel=noopener keywords, or through using the window.open() noopener /features/ argument, it isolates that browsing context from its opener. It will no longer be "familiar with" it, even same-origin, and its opener browsing context is explicitly set to null. It will still get its assigned name (e.g., from the target="" attribute) and will still be script closable.
whatwg · Nov 16, 2015 · b6ab3a0 · bzbarsky · Nov 19, 2015 · bzbarsky
1 parent 83c6889
commit b6ab3a0
Showing 1 changed file with 26 additions and 22 deletions.
diff --git a/source b/source
@@ -20977,8 +20977,8 @@ interface <dfn>HTMLHyperlinkElementUtils</dfn> {
 
    <li><p>If <var>subject</var>'s <a href="#linkTypes">link types</a> include the <code
    data-x="rel-noreferrer">noreferrer</code> or <code data-x="rel-noopener">noopener</code> keyword,
-   and <var>replace</var> is true, then <span data-x="disowned its opener">disown
-   <var>target</var>'s opener</span>.</p></li>
+   and <var>replace</var> is true, then <span data-x="disowned">disown</span>
+   <var>target</var>.</p></li>
 
    <li><p><span data-x="resolve a url">Resolve</span> the <span>URL</span> given by
    <var>subject</var>'s <code data-x="attr-hyperlink-href">href</code> attribute, relative to
@@ -21476,14 +21476,17 @@ interface <dfn>HTMLHyperlinkElementUtils</dfn> {
      <td><code data-x="rel-noreferrer">noreferrer</code></td>
      <td><em>not allowed</em></td>
      <td><span data-x="hyperlink annotation">Annotation</span></td>
-     <td>Requires that the user agent not send an HTTP `<code data-x="http-referer">Referer</code>` (sic) header if the user follows the hyperlink.</td>
+     <td>Indicates that any <span>browsing context</span> created by following the hyperlink is
+     <span>disowned</span> and that the user agent will not send an HTTP `<code
+     data-x="http-referer">Referer</code>` (sic) header if the user follows the hyperlink.</td>
     </tr>
 
     <tr>
      <td><code data-x="rel-noopener">noopener</code></td>
      <td><em>not allowed</em></td>
      <td><span data-x="hyperlink annotation">Annotation</span></td>
-     <td>Requires that any <span>browsing context</span> created by following the hyperlink must not have an <span>opener browsing context</span>.</td>
+     <td>Indicates that any <span>browsing context</span> created by following the hyperlink is
+     <span>disowned</span>.</td>
     </tr>
 
     <tr>
@@ -77726,9 +77729,9 @@ dictionary <dfn>DragEventInit</dfn> : <span>MouseEventInit</span> {
   <p>A <span>browsing context</span> can have a <dfn>creator browsing context</dfn>, the
   <span>browsing context</span> that was responsible for its creation. If a <span>browsing
   context</span> has a <span>parent browsing context</span>, then that is its <span>creator browsing
-  context</span>. Otherwise, if the <span>browsing context</span> has an <span>opener browsing
-  context</span>, then <em>that</em> is its <span>creator browsing context</span>. Otherwise, the
-  <span>browsing context</span> has no <span>creator browsing context</span>.</p>
+  context</span>. Otherwise, if the <span>browsing context</span> has a non-null <span>opener
+  browsing context</span>, then <em>that</em> is its <span>creator browsing context</span>.
+  Otherwise, the <span>browsing context</span> has no <span>creator browsing context</span>.</p>
 
   <p>If a <span>browsing context</span> <var>A</var> has a <span>creator browsing
   context</span>, then the <code>Document</code> that was the <span>active document</span> of that
@@ -77951,20 +77954,21 @@ dictionary <dfn>DragEventInit</dfn> : <span>MouseEventInit</span> {
   are always <span data-x="top-level browsing context">top-level browsing contexts</span>.</p>
 
   <p>An <span>auxiliary browsing context</span> has an <dfn>opener browsing context</dfn>, which is
-  the <span>browsing context</span> from which the <span>auxiliary browsing context</span> was
-  created.</p>
+  either null or the <span>browsing context</span> from which the <span>auxiliary browsing
+  context</span> was created.</p>
+
+  <p>When an <span>auxiliary browsing context</span> is <dfn
+  id="disowned-its-opener">disowned</dfn>, its <span>opener browsing context</span> must be set to
+  null.
 
 
   <h5>Navigating auxiliary browsing contexts in the DOM</h5>
 
   <p>The <dfn><code data-x="dom-opener">opener</code></dfn> IDL attribute on the <code>Window</code>
-  object, on getting, must return the <code>WindowProxy</code> object of the <span>browsing
-  context</span> from which the current <span>browsing context</span> was created (its <span>opener
-  browsing context</span>), if there is one, if it is still available, and if the current
-  <span>browsing context</span> has not <i data-x="disowned its opener">disowned its opener</i>;
-  otherwise, it must return null. On setting, if the new value is null then the current
-  <span>browsing context</span> must <dfn data-x="disowned its opener">disown its opener</dfn>; if
-  the new value is anything else then the user agent must
+  object, on getting, must return the <code>WindowProxy</code> object of the current <span>browsing
+  context</span>'s <span>opener browsing context</span>, if there is one; otherwise, it must return
+  null. On setting, if the new value is null then the current <span>browsing context</span> must be
+  <span>disowned</span>; if the new value is anything else then the user agent must
 
     <!-- dark magic incantation begins -->
     call the [[DefineOwnProperty]] internal method of the <code>Window</code> object, passing the
@@ -78000,13 +78004,14 @@ dictionary <dfn>DragEventInit</dfn> : <span>MouseEventInit</span> {
 
    <li>Either the <span>origin</span> of the <span>active document</span> of <var>A</var>
    is the <span data-x="same origin">same</span> as the <span>origin</span> of the <span>active
-   document</span> of <var>B</var>, or</li>
+   document</span> of <var>B</var> and neither <var>A</var> nor <var>B</var> are
+   <span>disowned</span>, or</li>
 
    <li>The browsing context <var>A</var> is a <span>nested browsing context</span> with a
    <span>top-level browsing context</span>, and its <span>top-level browsing context</span> is <var>B</var>, or</li>
 
-   <li>The browsing context <var>B</var> is an <span>auxiliary browsing context</span> and
-   <var>A</var> is <span>familiar with</span> <var>B</var>'s <span>opener
+   <li>The browsing context <var>B</var> is an <span>auxiliary browsing context</span> that is not
+   <span>disowned</span> and <var>A</var> is <span>familiar with</span> <var>B</var>'s <span>opener
    browsing context</span>, or</li>
 
    <li>The browsing context <var>B</var> is not a <span>top-level browsing context</span>,
@@ -78870,9 +78875,8 @@ callback <dfn>FrameRequestCallback</dfn> = void (<span>DOMHighResTimeStamp</span
     <ol>
 
      <li><p>If the result of <span data-x="split a string on commas">splitting <var>features</var>
-     on commas</span> contains the token "<code data-x="">noopener</code>", <span data-x="disowned
-     its opener">disown <var>target browsing context</var>'s opener</span>, and return <code
-     data-x="">null</code>.</p></li>
+     on commas</span> contains the token "<code data-x="">noopener</code>", <span
+     data-x="disowned">disown</span> <var>target browsing context</var>, and return null.</p></li>
 
      <li><p>Otherwise, return the <code>WindowProxy</code> object of <var>target browsing
      context</var>.</p></li>