Bug 190481

Summary: Experiment: target=_blank on anchors should imply rel=noopener
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: DOMAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: 7raivis, achristensen, cdumez, commit-queue, esprehn+autocc, ews-watchlist, ggaren, gyuyoung.kim, rniwa, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
URL: https://github.com/whatwg/html/issues/4078
Bug Depends on: 190475    
Bug Blocks:    
Attachments:
Description Flags
WIP Patch (needs dependency to land)
none
WIP Patch (needs dependency to land)
none
WIP Patch (needs dependency to land)
none
Patch
none
Patch none

Chris Dumez
Reported 2018-10-11 13:33:19 PDT
As an experiment, try and make it so that target=_blank on anchors implies `rel=noopener` for improved security. WebContent can then request an opener relationship by using `rel=opener` instead.
Attachments
WIP Patch (needs dependency to land) (14.42 KB, patch)
2018-10-11 14:21 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
WIP Patch (needs dependency to land) (14.42 KB, patch)
2018-10-11 14:23 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
WIP Patch (needs dependency to land) (14.31 KB, patch)
2018-10-11 15:05 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (20.85 KB, patch)
2018-10-15 10:07 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (21.01 KB, patch)
2018-10-15 10:12 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2018-10-11 14:21:45 PDT
Created attachment 352075 [details] WIP Patch (needs dependency to land)
Chris Dumez
Comment 2 2018-10-11 14:23:01 PDT
Created attachment 352076 [details] WIP Patch (needs dependency to land)
Chris Dumez
Comment 3 2018-10-11 15:05:47 PDT
Created attachment 352087 [details] WIP Patch (needs dependency to land)
Chris Dumez
Comment 4 2018-10-15 10:07:13 PDT
Created attachment 352336 [details] Patch
EWS Watchlist
Comment 5 2018-10-15 10:08:56 PDT
Attachment 352336 [details] did not pass style-queue: ERROR: Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:283: Multi-line string ("...") found. This lint script doesn't do well with such strings, and may give bogus warnings. They're ugly and unnecessary, and you should use concatenation instead". [readability/multiline_string] [5] ERROR: Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:286: Place brace on its own line for function definitions. [whitespace/braces] [4] ERROR: Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:290: Multi-line string ("...") found. This lint script doesn't do well with such strings, and may give bogus warnings. They're ugly and unnecessary, and you should use concatenation instead". [readability/multiline_string] [5] ERROR: Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:292: Multi-line string ("...") found. This lint script doesn't do well with such strings, and may give bogus warnings. They're ugly and unnecessary, and you should use concatenation instead". [readability/multiline_string] [5] Total errors found: 4 in 18 files If any of these errors are false positives, please file a bug against check-webkit-style.
Chris Dumez
Comment 6 2018-10-15 10:12:49 PDT
Created attachment 352337 [details] Patch
EWS Watchlist
Comment 7 2018-10-15 10:14:39 PDT
Attachment 352337 [details] did not pass style-queue: ERROR: Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:283: Multi-line string ("...") found. This lint script doesn't do well with such strings, and may give bogus warnings. They're ugly and unnecessary, and you should use concatenation instead". [readability/multiline_string] [5] ERROR: Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:286: Place brace on its own line for function definitions. [whitespace/braces] [4] ERROR: Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:290: Multi-line string ("...") found. This lint script doesn't do well with such strings, and may give bogus warnings. They're ugly and unnecessary, and you should use concatenation instead". [readability/multiline_string] [5] ERROR: Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:292: Multi-line string ("...") found. This lint script doesn't do well with such strings, and may give bogus warnings. They're ugly and unnecessary, and you should use concatenation instead". [readability/multiline_string] [5] Total errors found: 4 in 18 files If any of these errors are false positives, please file a bug against check-webkit-style.
WebKit Commit Bot
Comment 8 2018-10-15 14:21:15 PDT
Comment on attachment 352337 [details] Patch Clearing flags on attachment: 352337 Committed r237144: <https://trac.webkit.org/changeset/237144>
WebKit Commit Bot
Comment 9 2018-10-15 14:21:17 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 10 2018-10-15 14:22:26 PDT
<rdar://problem/45284150>
Note You need to log in before you can comment on or make changes to this bug.