Experiment: target=_blank on anchors should imply rel=noopener
author cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 15 Oct 2018 21:21:07 +0000 (21:21 +0000)
committer cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 15 Oct 2018 21:21:07 +0000 (21:21 +0000)
commit 4c5bffc5cce44960c2279ceb5d8f7ac39e9e0a5e
tree 25c225f5f364335bdcd5d361e2b548ee7a96ef34
parent 6fddf379f4d2c23195ec687b2a498cfeecc57fa5
Experiment: target=_blank on anchors should imply rel=noopener
https://bugs.webkit.org/show_bug.cgi?id=190481

Reviewed by Alex Christensen.

Source/WebCore:

As an experiment, try and make it so that target=_blank on anchors implies `rel=noopener` for improved security.
WebContent can then request an opener relationship by using `rel=opener` instead.

This change was discussed at:
- https://github.com/whatwg/html/issues/4078

We want to attempt this change in STP to see if it is Web-compatible. Preliminary testing seems to indicate
that OAuth workflows still work.

* html/HTMLAnchorElement.cpp:
(WebCore::HTMLAnchorElement::parseAttribute):
(WebCore::HTMLAnchorElement::handleClick):
(WebCore::HTMLAnchorElement::effectiveTarget const):
* html/HTMLAnchorElement.h:
* page/RuntimeEnabledFeatures.h:
(WebCore::RuntimeEnabledFeatures::setBlankAnchorTargetImpliesNoOpenerEnabled):
(WebCore::RuntimeEnabledFeatures::blankAnchorTargetImpliesNoOpenerEnabled const):

Source/WebKit:

* Shared/WebPreferences.yaml:

Tools:

Add API test coverage to make sure we can now swap process when target=_blank
is specified on an anchor but rel=noopener is not.

* TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:

LayoutTests:

Update existing tests to reflect behavior change.

* TestExpectations:
* http/tests/navigation/no-referrer-reset.html:
* http/tests/security/resources/referrer-policy-redirect-link.html:
* http/tests/security/xss-DENIED-script-inject-into-inactive-window2-pson.html:
* http/tests/security/xss-DENIED-script-inject-into-inactive-window2.html:
* http/tests/security/xssAuditor/link-opens-new-window.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@237144 268f45cc-cd09-0410-ab3c-d52691b4dbfc
18 files changed:
LayoutTests/ChangeLog
LayoutTests/TestExpectations
LayoutTests/http/tests/navigation/anchor-blank-target-implies-rel-noopener-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/navigation/anchor-blank-target-implies-rel-noopener.html [new file with mode: 0644]
LayoutTests/http/tests/navigation/no-referrer-reset.html
LayoutTests/http/tests/navigation/resources/anchor-blank-target-implies-rel-noopener-win.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/referrer-policy-redirect-link.html
LayoutTests/http/tests/security/xss-DENIED-script-inject-into-inactive-window2-pson.html
LayoutTests/http/tests/security/xss-DENIED-script-inject-into-inactive-window2.html
LayoutTests/http/tests/security/xssAuditor/link-opens-new-window.html
Source/WebCore/ChangeLog
Source/WebCore/html/HTMLAnchorElement.cpp
Source/WebCore/html/HTMLAnchorElement.h
Source/WebCore/page/RuntimeEnabledFeatures.h
Source/WebKit/ChangeLog
Source/WebKit/Shared/WebPreferences.yaml
Tools/ChangeLog
Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm
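
The opener rule described in the commit message, modelled as an added JavaScript example (not WebKit code and not part of this commit) that a site owner could use to list links whose behaviour changes when the experiment is on. The function names, the sample anchors, the case-insensitive match on `_blank`, and the choice that `noopener`/`noreferrer` override `opener` are assumptions of this sketch.

```javascript
// Added example: models the opener decision described in the commit message.
// Assumption: rel=noopener / rel=noreferrer win over rel=opener when both
// appear; the commit page itself does not show the precedence.
function relTokens(rel) {
  // rel is a space-separated token list; keywords compare case-insensitively.
  return new Set((rel || "").toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
}

// Returns true when the window opened by this anchor would get a
// window.opener reference back to the page that contained the link.
function keepsOpener(anchor, blankImpliesNoOpener) {
  const rel = relTokens(anchor.rel);
  if (rel.has("noopener") || rel.has("noreferrer")) return false;
  if (rel.has("opener")) return true; // explicit opt-in from the commit message
  // Assumption: "_blank" is matched case-insensitively.
  const blank = (anchor.target || "").toLowerCase() === "_blank";
  return !(blank && blankImpliesNoOpener);
}

// Anchors whose opener behaviour differs between the old rule and the
// experimental one: these are the links to review for compatibility.
function changedByExperiment(anchors) {
  return anchors.filter(a => keepsOpener(a, false) !== keepsOpener(a, true));
}

// Constructed sample anchors (not taken from the WebKit layout tests).
const SAMPLE_ANCHORS = [
  { href: "https://example.com/a", target: "_blank", rel: "" },
  { href: "https://example.com/b", target: "_blank", rel: "noopener" },
  { href: "https://example.com/c", target: "_BLANK", rel: "Opener" },
  { href: "https://example.com/d", target: "popup", rel: "" },
  { href: "https://example.com/e", target: "_blank", rel: "nofollow\tnoreferrer" },
  { href: "https://example.com/f", target: "_blank", rel: "nofollow" },
];

for (const a of changedByExperiment(SAMPLE_ANCHORS)) {
  console.log(`loses window.opener under the experiment: ${a.href}`);
}
```

Links reported here either need `rel=opener` if the opened page relies on `window.opener`, or need nothing if the relationship was never intended.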