Bug 282387
| Summary: | Consider using top-level site instead of origin when enforcing noopener on certain Blob URLs | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Andrew Williams <awillia> |
| Component: | Page Loading | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | achristensen, annevk, beidson, charliew, karlcow, webkit-bug-importer, wilander |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Andrew Williams
WebKit currently enforces noopener on Blob URL navigations when the Blob URL origin is cross-origin from the document top-level origin. Per the discussions in https://github.com/w3c/FileAPI/issues/153, we are in the process of updating the HTML spec to specify this behavior except using sites instead of origins (see: https://github.com/whatwg/html/pull/10731).
https://github.com/w3c/FileAPI/issues/153#issuecomment-2332086739 indicates that WebKit might be open to using site instead of origin for this as well. Opening this bug for tracking.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/139430442>