diff --git a/.gitattributes b/.gitattributes index 8972a879b8..f1e92ce7de 100644 --- a/.gitattributes +++ b/.gitattributes @@ -12,7 +12,7 @@ # - Deny applying with `git apply --whitespace=error-all`. # - Fix automatically with `git apply --whitespace=fix`. ############################################################################### -[attr]cleantext text eol=crlf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=4 +[attr]cleantext text eol=crlf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=4 -binary ############################################################################### # DEFAULT VALUE diff --git a/sections/attributes.include b/sections/attributes.include index 731e9ef86a..7dd9fdf43e 100644 --- a/sections/attributes.include +++ b/sections/attributes.include @@ -600,6 +600,12 @@
referrerpolicy
Document
's CSP list algorithm on the {{Document}}
+ 5. Set the {{Document}}'s referrer policy to the result of
+ parsing the Referrer-Policy
header of the response
+ used to generate the document. [[!REFERRERPOLICY]]
+ 6. Execute the Initialize a Document
's CSP list algorithm on the {{Document}}
object and the resource used to generate the document. [[CSP3]]
- 6. Set [=the document's referrer=] to the
+ 7. Set [=the document's referrer=] to the
address of the resource from which Request-URIs are obtained as determined when the
fetch algorithm obtained the resource, if that algorithm was used and determined such a value;
otherwise, set it to the empty string.
- 7. Implement the sandboxing for the {{Document}}.
- 8. If the active sandboxing flag set of the {{Document}}'s browsing context or any
+ 8. Implement the sandboxing for the {{Document}}.
+ 9. If the active sandboxing flag set of the {{Document}}'s browsing context or any
of its ancestor browsing contexts (if any) have the
sandboxed fullscreen browsing context flag set, then skip this step.
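Review bot: New step 5 speaks of "the response used to generate the document", while the CSP step that follows it (now step 6) speaks of "the resource used to generate the document". Use one term in both steps. Step 5 should also say what the document's referrer policy is when the response has no `Referrer-Policy` header, since as written it only covers the case where there is a header to parse.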
diff --git a/sections/elements.include b/sections/elements.include
index 335554bb88..6ad9ad1f45 100644
--- a/sections/elements.include
+++ b/sections/elements.include
@@ -29,7 +29,8 @@
<{links/download}>;
<{links/rel}>;
<{links/hreflang}>;
- <{links/type}>
+ <{links/type}>;
+ <{link/referrerpolicy}>
`Referrer-Policy`
header algorithm
+ * The "no-referrer
",
+ "no-referrer-when-downgrade
", and
+ "unsafe-url
" referrer policies
+
: Web IDL
:: The IDL fragments in this specification must be interpreted as required for conforming IDL
fragments, as described in the Web IDL specification. [[!WEBIDL]]
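Review bot: In the attribute list at the top of this hunk the added entry is written `<{link/referrerpolicy}>`, while every neighbouring entry uses the `links/` prefix (`<{links/download}>`, `<{links/rel}>`, `<{links/hreflang}>`, `<{links/type}>`). Either give the new entry the same prefix or note why it points at the `link` element's definition instead.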
@@ -3770,6 +3780,33 @@
missing value default, used when the attribute is omitted, is the
No CORS state.
+ name
attribute set to referrer
.`Referrer-Policy`
HTTP
+ header.nonce
— Cryptographic nonce used in Content Security Policy checks [[CSP3]]hreflang
— Language of the linked resourcetype
— Hint for the type of the referenced resourcereferrerpolicy
- Referrer policy for fetches initiated by the elementsizes
— Sizes of the icons (for <{link/rel}>="icon
")referrerpolicy
attribute is a
+ referrer policy attribute. It is intended for use with external resource links,
+ where it helps set the referrer policy used when obtaining the external resource.
+ [[!REFERRERPOLICY]].
The title
attribute gives the title of the link.
With one exception, it is purely advisory. The value is text. The exception is for style sheet
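Review bot: The added paragraph describing the `referrerpolicy` attribute ends with `[[!REFERRERPOLICY]].`, which leaves a stray full stop after a sentence that has already ended; the other added paragraphs in this patch close with the bare reference. In the attribute summary above it, the new `referrerpolicy` entry also uses a plain hyphen where the neighbouring `nonce`, `hreflang` and `type` entries use an em dash.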
@@ -525,6 +530,10 @@
+ The referrerPolicy
IDL attribute must
+ reflect the referrerpolicy
+ content attribute, limited to only known values.
+
The IDL attribute relList
must
reflect the <{link/rel}> content attribute.
@@ -630,7 +639,9 @@
{{Window}} object's environment settings object.
6. Set request's cryptographic nonce metadata to the current state of the
<{link}> element's <{link/nonce}> content attribute.
- 7. Fetch request.
+ 7. Set request's referrer policy to the current state of the
+ <{link}> element's <{link/referrerpolicy}> content attribute.
+ 8. Fetch request.
User agents may opt to only try to obtain such resources when they are needed, instead of
pro-actively fetching all the external resources that are not applied.
@@ -963,6 +974,63 @@
inappropriate keywords.
+ : referrer
+
+ :: The value must be a referrer policy, which defines the default
+ referrer policy for the Document
. [[!REFERRERPOLICY]]
+
+ If any meta
elements are inserted into the document or
+ removed from the document, or existing meta
elements have their name
+ or content
attributes changed, user agents must run the following algorithm:
+
+ 1. Let candidate elements be the list of all meta
elements that
+ meet the following criteria, in tree order:
name
attribute, whose value is referrer
content
attribute, whose value is not the empty stringLet value be the value of element's content
attribute,
+ converted to [=ASCII lowercase=].
If value is one of the values given in the first column of the following + table, then set value to the value given in the second column:
+ +Legacy value + | Referrer policy + |
---|---|
never
+ | no-referrer
+ |
default
+ | no-referrer-when-downgrade
+ |
always
+ | unsafe-url
+ |
origin-when-crossorigin
+ | origin-when-cross-origin
+ |
If value is a referrer policy, then set element's + node document's referrer policy to policy.
+ + +The fact that these steps are applied for each element enables deployment of + fallback values for older user agents. [[!REFERRERPOLICY]]
+ + +ismap
- Whether the image is a server-side image mapwidth
- Horizontal dimensionheight
- Vertical dimensionreferrerpolicy
- Referrer policy for fetches initiated by the elementpresentation
or none
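Review bot: The last step of the added `meta` algorithm sets the document's referrer policy "to policy", but no variable named policy is defined; the preceding steps compute and normalise value, so this should read "to value". The steps also use element without a visible step that introduces it (for example a loop over candidate elements), which the closing remark "these steps are applied for each element" relies on.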
@@ -730,6 +731,7 @@
readonly attribute unsigned long naturalHeight;
readonly attribute boolean complete;
readonly attribute DOMString currentSrc;
+ attribute DOMString referrerPolicy;
};
referrerpolicy
attribute is a referrer policy attribute. Its purpose is to
+ set the referrer policy used when fetching the image. [[!REFERRERPOLICY]]
+
srcset
or picture
, set
request's initiator to "imageset
".
- ⌛ Set request's same-origin data-URL flag.
+ ⌛ Set request's referrer policy to the current state of the
+ element's referrerpolicy
attribute.
⌛ Fetch request. Let this
instance of the fetching algorithm be associated with
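Review bot: The step "Set request's same-origin data-URL flag" is removed and the new referrer policy step is put in its place, rather than being added alongside it. Nothing else in this patch concerns the same-origin data-URL flag, so either keep the old step and add the referrer policy step after it, or explain the removal in the commit message.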
@@ -2091,6 +2097,9 @@
image
", and set request's synchronous flag.referrerpolicy
attribute.isMap
IDL attribute must reflect
the ismap
content attribute.
+ The referrerPolicy
IDL attribute must
+ reflect the <{img/referrerpolicy}> content attribute, limited to only known values.
+
The longDesc
IDL attribute is defined in [[!html-longdesc]]. The IDL attribute must reflect
the <{img/longdesc}> content attribute.
@@ -3573,6 +3585,7 @@ My <img src="heart.png" alt="heart"> breaks.
to make payment requests
width
- Horizontal dimensionheight
- Vertical dimensionreferrerpolicy
- Referrer policy for fetches initiated by the elementapplication
, document
, or img
.about:blank
". Otherwise, let url be the resulting URL record.
2. If there exists an ancestor browsing context whose active document's
[=Document/URL=], ignoring fragments, is equal to url, then abort these steps.
- 3. Navigate the element's child browsing context to url.
+ 3. Let resource be a new [=request=] whose url is URL and whose
+ [=referrer policy=] is the current state of the
+ element's referrerpolicy
content attribute.
referrerpolicy
attribute is a referrer policy attribute.
+ Its purpose is to set the referrer policy used when processing the iframe
attributes.
+ [[!REFERRERPOLICY]]
+
allowPaymentRequest
IDL
attribute must reflect the allowpaymentrequest
content attribute.
+ The referrerPolicy
IDL attribute must
+ reflect the referrerpolicy
content attribute, limited to only known values.
+
The contentDocument
IDL attribute must
return the {{Document}} object of the active document of the <{iframe}> element's
nested browsing context, if any and if its [=concept/origin=] is the
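Review bot: The replacement for step 3 says "whose url is URL", but the variable set in the step above is lowercase url ("let url be the resulting URL record"), so the request should be built from url. The old step 3 was also the one that navigated the child browsing context; the visible replacement only constructs resource, so confirm that a following step navigates the child browsing context to resource.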
@@ -11474,6 +11498,8 @@ red:89
shape
- The kind of shape to be created in an image maptarget
- browsing context for hyperlink navigationtype
- Hint for the type of the referenced resourcereferrerpolicy
- Referrer policy for fetches initiated by the elementlink
role (default - do not set).href
, target
,
and download
attributes decide how the link is followed. The <{area/rel}>, and hreflang
attributes may be used to indicate to the user the likely nature of the target resource before the user follows the link.
- The target
, download
, <{area/rel}>, and hreflang
attributes must be omitted if the href
attribute is not present.
+ The target
, download
, <{area/rel}>, hreflang
,
+ type
, and referrerpolicy
attributes must be omitted if the
+ href
attribute is not present.
The activation behavior of <{area}> elements is to run the following
steps:
@@ -11636,6 +11666,9 @@ red:89
The IDL attribute relList
must
reflect the <{links/rel}> content attribute.
+ The IDL attribute referrerPolicy
must
+ reflect the <{link/referrerpolicy}> content attribute, limited to only known values.
+
HTMLHyperlinkElementUtils
interface. [[!URL]]
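Review bot: The added sentence has `referrerPolicy` reflect `<{link/referrerpolicy}>`, which is the `link` element's attribute, yet this hunk sits in the same section as the `area` changes above (same `red:89` context) and the sentence before it uses the `links/` prefix. Point the reflection at the attribute defined for this element so the cross-reference resolves to the right definition.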
diff --git a/sections/semantics-forms.include b/sections/semantics-forms.include
index f5f2eb3238..2575ac707c 100644
--- a/sections/semantics-forms.include
+++ b/sections/semantics-forms.include
@@ -7427,7 +7427,7 @@ You cannot submit this form when the field is incorrect.
user agent must send select
update notifications.
When the user agent is to send select
update notifications,
- queuea task to first fire a simple event that bubbles named input
at the
+ queue a task to first fire a simple event that bubbles named input
at the
<{select}> element, and then fire a simple event that bubbles named change
at the
<{select}> element, using the user interaction task source as the task
source. If the JavaScript execution context stack was not empty when the user agent was
diff --git a/sections/semantics-links.include b/sections/semantics-links.include
index c901b74ae1..5a5eff7cd1 100644
--- a/sections/semantics-links.include
+++ b/sections/semantics-links.include
@@ -175,6 +175,10 @@
resource, user agents must not use metadata included in the link to the resource to determine its
type.
+ The referrerpolicy
attribute is a referrer policy attribute.
+ Its purpose is to set the referrer policy used when following hyperlinks.
+ [[!REFERRERPOLICY]]
+
@@ -701,8 +705,13 @@
Let resource be a new [=request=] whose
+ url is URL
+ and whose [=referrer policy=] is the current state of subject's
+ referrerpolicy
content attribute.
hreflang
- Language of the linked resourcetype
- Hint for the type of the referenced resourcereferrerpolicy
- Referrer policy for fetches initiated by the elementlink
(default - do not set), button
,
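Review bot: The added request definition reads "whose url is URL", with URL capitalised as if it were a variable, but none of the visible steps define it. Name the variable that holds the resolved hyperlink address, matching the case used where it is set, so the step can be followed.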
@@ -55,6 +56,7 @@
attribute DOMString hreflang;
attribute DOMString type;
attribute DOMString text;
+ attribute DOMString referrerPolicy;
};
HTMLAnchorElement implements HTMLHyperlinkElementUtils;
@@ -68,8 +70,9 @@
represents a placeholder for where a link might otherwise have been placed, if it had been
relevant, consisting of just the element's contents.
- The target
, download
, <{a/rel}>, <{a/rev}>, hreflang
, and
- type
attributes must be omitted if the <{a/href}> attribute is not present.
+ The target
, download
, <{a/rel}>, <{a/rev}>, hreflang
,
+ type
, and referrerpolicy
attributes must be omitted if the
+ <{a/href}> attribute is not present.
target
, download
, and attributes affect what
- happens when users follow hyperlinks or download hyperlinks created using the
- <{a}> element. The <{a/rel}>, <{a/rev}>, hreflang
, and type
- attributes may be used to indicate to the user the likely nature of the target resource before
- the user follows the link.
+ The <{a/href}>, target
, download
, and referrerpolicy
+ attributes affect what happens when users follow hyperlinks or download hyperlinks
+ created using the <{a}> element. The <{a/rel}>, <{a/rev}>, hreflang
, and
+ type
attributes may be used to indicate to the user the likely nature of
+ the target resource before the user follows the link.
The activation behavior of <{a}> elements that create hyperlinks is to
run the following steps:
@@ -142,6 +145,9 @@
The IDL attribute relList
must
reflect the <{a/rel}> content attribute.
+ The IDL attribute referrerPolicy
must reflect the
+ referrerpolicy
content attribute, limited to only known values.
+
The text
IDL attribute, on getting,
must return the same value as the {{Node/textContent}} IDL attribute on the element, and on
setting, must act as if the {{Node/textContent}} IDL attribute on the element had been set to
diff --git a/sections/webappapis.include b/sections/webappapis.include
index 48c7eb4730..a5ff6b316f 100644
--- a/sections/webappapis.include
+++ b/sections/webappapis.include
@@ -146,6 +146,10 @@
:: An HTTPS state value representing the security properties of the network channel used to
deliver the resource with which the environment settings object is associated.
+ : An referrer policy
+ :: The default referrer policy for fetches performed using this
+ environment settings object as a request client. [[!REFERRERPOLICY]]
+
An environment settings object also has an
outstanding rejected promises weak set and an
about-to-be-notified rejected promises list, used to track
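Review bot: The new definition term reads "An referrer policy"; it should be "A referrer policy". The preceding entry uses "An" only because "HTTPS" begins with a vowel sound.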
@@ -218,7 +222,7 @@
asynchronously complete with either null (on failure) or a new classic script
(on success).
- 1. Let request be a new request whose url is url,
+ 1. Let request be a new request whose URL is url,
client is settings object, type is
"script
", destination is destination, referrer is
referrer, mode is "same-origin
",
diff --git a/single-page.bs b/single-page.bs
index 40fc311666..9c427a3cae 100644
--- a/single-page.bs
+++ b/single-page.bs
@@ -4,7 +4,7 @@ Title: HTML 5.2
Level: 5.2
Group: html
Status: ED
-Default Ref Status: snapshot
+!Default Ref Status: snapshot
TR: https://www.w3.org/TR/html52/
ED: https://w3c.github.io/html/
Repository: w3c/html
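Review bot: Changing `Default Ref Status: snapshot` to `!Default Ref Status: snapshot` is unrelated to adding referrer policy and is not explained anywhere in this patch. Move it to its own commit with a reason, or drop it from this one.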
@@ -1013,6 +1013,11 @@ spec:ecma-262;
"title": "DOM XSLTProcessor",
"href": "https://wiki.whatwg.org/wiki/DOM_XSLTProcessor",
"publisher": "WHATWG"
+ },
+ "REFERRERPOLICY": {
+ "title": "Referrer Policy",
+ "href": "https://www.w3.org/TR/referrer-policy",
+ "publisher": "W3C"
}
}
diff --git a/styles/styles-html.css b/styles/styles-html.css
index d133ef78a3..c29e532f8e 100644
--- a/styles/styles-html.css
+++ b/styles/styles-html.css
@@ -159,6 +159,7 @@ div.head .logo { float: right; margin: 0 1em; }
div.head .logo img { border: none } /* remove border from top image */
div.head dl { margin: 1em 0; }
div.head p.copyright, div.head p.alt { font-size: x-small; font-style: oblique; margin: 0; }
+div.note:before { content: 'Note: '; font-weight: bolder;}
body > .toc > li { margin-top: 1em; margin-bottom: 1em; }
body > .toc.brief > li { margin-top: 0.35em; margin-bottom: 0.35em; }
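Review bot: The added `div.note:before` rule inserts the text 'Note: ' in front of every `div.note` in the specification, not only notes touched by this patch. Check that existing notes do not already begin with a literal "Note:" label, and consider moving this stylesheet change to a separate commit since it is independent of the referrer policy text.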