From a68a1f712b641981d7367d78758596b21a04521c Mon Sep 17 00:00:00 2001 From: Michael Layzell Date: Tue, 5 Sep 2017 14:56:03 -0700 Subject: [PATCH] Make noopener stop the copying of session storage This was discussed in #2681. Tests: https://bugzilla.mozilla.org/show_bug.cgi?id=1372662 Also fixes #2681's original issue by relocating the copying logic to the place where new browsing contexts are actually created, instead of it being located in the session storage portions of the spec. --- source | 76 +++++++++++++++++++++++++++++++++------------------------- 1 file changed, 44 insertions(+), 32 deletions(-) diff --git a/source b/source index 977b55ff2bd..1e38c118eca 100644 --- a/source +++ b/source @@ -22955,16 +22955,18 @@ interface HTMLHyperlinkElementUtils { base element.

+

  • Let noopener be true if subject's link + types include the noreferrer + or noopener keyword

    • +

  • Let target and replace be the result of applying the rules for - choosing a browsing context given targetAttributeValue and - source.

    • + choosing a browsing context given targetAttributeValue, source, and + noopener.

  • If target is null, then return.

    • -

  • If subject's link types include the noreferrer or noopener keyword, - and replace is true, then disown - target's opener.

    • +

  • If noopener and replace are true, then + disown target's opener.

  • Parse the URL given by subject's href attribute, relative to subject's @@ -76946,9 +76948,12 @@ dictionary DragEventInit : MouseEventInit {

    -

    To create a new browsing context:

    +

    To create a new browsing context, + optionally given noopener:

      +

    1. If noopener was not given, let it be false.

      2. +

    2. Let browsingContext be a new browsing context.

    3. @@ -77010,6 +77015,19 @@ dictionary DragEventInit : MouseEventInit {

    4. Add document to browsingContext's session history.

      5. + + +

    5. If noopener is false, browsingContext is a + top-level browsing context, and creator origin is same + origin with document's origin, then copy the sessionStorage storage area of the creator origin + from the creator browsing context into browsingContext's set of session + storage areas. These areas must be considered separate, not affecting each other in any + way.

      6. +

    6. Return browsingContext.

    @@ -77625,7 +77643,8 @@ console.assert(iframeWindow.frameElement === null);

    The rules for choosing a browsing context, given null or a browsing context name - name and a browsing context current, are as follows:

    + name, a browsing context current, and a + boolean noopener are as follows:

    1. Let chosen be null.

      2. @@ -77678,7 +77697,8 @@ console.assert(iframeWindow.frameElement === null);

      1. Set chosen to a new - top-level browsing context and new to true.

        2. + top-level browsing context given noopener, and set new to + true.

      2. Set chosen to an existing top-level browsing context.

      @@ -77695,11 +77715,11 @@ console.assert(iframeWindow.frameElement === null);

      Set chosen to a new - auxiliary browsing context, with the opener browsing context being - current, and set new to true. If name is not an ASCII - case-insensitive match for "_blank", then chosen's - name must be set to name (otherwise, it - has no name).

      + auxiliary browsing context given noopener with the opener + browsing context being current, and set new to true. If + name is not an ASCII case-insensitive match for "_blank", then chosen's name must be set to name (otherwise, it has no name).

      If the newly created browsing context is immediately navigated, then the navigation will be done with replacement @@ -78239,10 +78259,13 @@ callback FrameRequestCallback = void (DOMHighResTimeStamp

      If target is the empty string, then set target to "_blank".

      +

    2. Let noopener be true if tokenizedFeatures contains an entry with the key "noopener"

      3. +
    3. -

      Let target browsing context and new be the result of applying - the rules for choosing a browsing context given target and - source browsing context. +

      Let target browsing context and new be the result of applying the + rules for choosing a browsing context given target, source browsing + context, and noopener.

      If there is a user agent that supports control-clicking a link to open it in a new tab, and the user control-clicks on an element whose FrameRequestCallback = void (DOMHighResTimeStamp

      4. -

    4. If tokenizedFeatures contains an entry with - the key "noopener", then disown - target browsing context's opener and return null.

      5. +

    5. If noopener is true, then disown target + browsing context's opener and return null.

    6. Return target browsing context's WindowProxy object.

    @@ -98311,18 +98333,8 @@ interface WindowSessionStorage { object for its Window's sessionStorage attribute.

    -

    When a new top-level browsing context is created by cloning an existing - browsing context, the new browsing context must start with the same session storage - areas as the original, but the two sets must from that point on be considered separate, not - affecting each other in any way.

    - -

    When a new top-level browsing context is created by a script in an existing browsing context, or by the user - following a link in an existing browsing context, or in some other way related to a specific - Document, and the creation is not a new start for session storage, then the session - storage area of the origin of that Document must be copied into the new - browsing context when it is created. From that point on, however, the two session storage areas - must be considered separate, not affecting each other in any way.

    +

    While creating a new browsing context, the session storage area is sometimes copied over.

    When the setItem(), removeItem(), and