Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cleanup how disowning works #4318

Closed
wants to merge 1 commit into from
Closed

Cleanup how disowning works #4318

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 17 additions & 17 deletions source
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23242,9 +23242,6 @@ document.body.appendChild(wbr);</code></pre>

<li><p>If <var>target</var> is null, then return.</p></li>

<li><p>If <var>noopener</var> and <var>replace</var> are true, then <span
data-x="disowned">disown</span> <var>target</var>.</p></li>

<li><p><span data-x="parse a url">Parse</span> the <span>URL</span> given by <var>subject</var>'s
<code data-x="attr-hyperlink-href">href</code> attribute, relative to <var>subject</var>'s
<span>node document</span>.</p></li>
Expand Down Expand Up @@ -23794,18 +23791,18 @@ document.body.appendChild(wbr);</code></pre>
<td><em>not allowed</em></td>
<td><span data-x="hyperlink annotation">Annotation</span></td>
<td class="no"> &middot; </td>
<td>Indicates that any <span>browsing context</span> created by following the hyperlink is
<span>disowned</span>.</td>
<td>Creates a <span>top-level browsing context</span> that is not an <span>auxiliary
browsing context</span> if the hyperlink would create either of those to begin with (i.e., has
an appropriate <code data-x="attr-hyperlink-target">target</code> attribute value).</td>
</tr>

<tr>
<td><code data-x="rel-noreferrer">noreferrer</code></td>
<td><em>not allowed</em></td>
<td><span data-x="hyperlink annotation">Annotation</span></td>
<td class="no"> &middot; </td>
<td>Indicates that any <span>browsing context</span> created by following the hyperlink is
<span>disowned</span> and will not get a `<code data-x="http-referer">Referer</code>` (sic)
header.</td>
<td>No `<code data-x="http-referer">Referer</code>` (sic) header will be included.
Additionally, has the same effect as <code data-x="rel-noopener">noopener</code>.</td>
</tr>

<tr>
Expand Down Expand Up @@ -24557,9 +24554,10 @@ document.body.appendChild(wbr);</code></pre>
data-x="hyperlink annotation">annotates</span> any other hyperlinks created by the element (the
implied hyperlink, if no other keywords create one).</p>

<p>The keyword indicates that any newly created <span>browsing context</span> which results from
following the <span>hyperlink</span> will be <span>disowned</span>, which means that its <code
data-x="dom-opener">window.opener</code> attribute will be null.</p>
<p>The keyword indicates that any newly created <span>top-level browsing context</span> which
results from following the <span>hyperlink</span> is not an <code>auxiliary browsing
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

code -> span

context</code>. E.g., its <code data-x="dom-opener">window.opener</code> attribute will be
null.</p>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be good to link to where the processing model implements this, as an addition.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

An example would be nice. A link that would normally create an auxiliary browsing context, plus one with noopener that does not.



<h5>Link type "<dfn><code data-x="rel-noreferrer">noreferrer</code></dfn>"</h5>
Expand Down Expand Up @@ -77591,20 +77589,21 @@ console.assert(iframeWindow.frameElement === null);
steps:</p>

<ol>
<li><p>If the current <span>browsing context</span> is not an <span>auxiliary browsing
context</span>, then return null.</p>

<li><p>If the current <span>browsing context</span> is <span>disowned</span>, then return
null.</p></li>

<li><p>If the current <span>browsing context</span> has no <span>opener browsing context</span>,
then return null.</p></li>

<li><p>Return the current <span>browsing context</span>'s <span>opener browsing context</span>'s
<code>WindowProxy</code> object.</p></li>
</ol>

<p>The <code data-x="dom-opener">opener</code> attribute's setter, must run these steps:</p>

<ol>
<li><p>If the given value is null, then <span data-x="disowned">disown</span> the current
<li><p>If the given value is null and the current <span>browsing context</span> is an
<span>auxiliary browsing context</span>, then <span data-x="disowned">disown</span> the current
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a normative change to fall back to step 2 for non-auxiliary browsing contexts, instead of returning. (Well, the previous spec would probably crash, since it would try to call "disown" on a non-auxiliary BC, which per its definition is not allowed. But I think a reasonable reading is that it would return.)

Have you tested what gets done in browsers?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm merging this into the other PR, but this is a good question that needs an answer either way.

const beforeDesc = Object.getOwnPropertyDescriptor(self, "opener"),
      openerGet = beforeDesc.get;

alert(openerGet());
self.opener = null;
self.opener = "test";
alert(openerGet());

in an iframe targeted with window.open('theabovedocument.html', 'theiframename') that alerts Window followed by null in Firefox. Chrome and Safari throw on openerGet() however. So yeah, disowning needs to affect all browsing contexts. I'm pretty sure from other tests it only affects link targeting when it's done on a auxiliary browsing context though.

<span>browsing context</span> and return.</p></li>

<li><p>Perform <span>OrdinaryDefineOwnProperty</span>(this <code>Window</code> object, "<code
Expand All @@ -77626,6 +77625,8 @@ console.assert(iframeWindow.frameElement === null);
data-x="">window.opener.location</code>, causing the <span>opener browsing context</span> to
navigate to a completely different document.</p>
</div>
<!-- The real effect is https://github.com/whatwg/html/issues/313, but that is yet to be
standardized properly. -->



Expand Down Expand Up @@ -78608,8 +78609,7 @@ dictionary <dfn>WindowPostMessageOptions</dfn> : <span>PostMessageOptions</span>
</ol>
</li>

<li><p>If <var>noopener</var> is true, then <span data-x="disowned">disown</span> <var>target
browsing context</var> and return null.</p></li>
<li><p>If <var>noopener</var> is true, then return null.</p></li>

<li><p>Return <var>target browsing context</var>'s <code>WindowProxy</code> object.</p></li>
</ol>
Expand Down