Skip to content

Commit

Permalink
Add referrerpolicy attribute support to <script>s
Browse files Browse the repository at this point in the history
  • Loading branch information
domfarolino authored and domenic committed May 30, 2018
1 parent f8bd887 commit 0d28f8f
Showing 1 changed file with 43 additions and 22 deletions.
65 changes: 43 additions & 22 deletions source
Original file line number Diff line number Diff line change
Expand Up @@ -57401,6 +57401,7 @@ interface <dfn>HTMLDialogElement</dfn> : <span>HTMLElement</span> {
<dd><code data-x="attr-script-defer">defer</code></dd>
<dd><code data-x="attr-script-crossorigin">crossorigin</code></dd>
<dd><code data-x="attr-script-integrity">integrity</code></dd>
<dd><code data-x="attr-script-referrerpolicy">referrerpolicy</code></dd>
<dt><span data-x="concept-element-dom">DOM interface</span>:</dt>
<dd w-nodev>
<pre class="idl">[Exposed=Window,
Expand All @@ -57414,6 +57415,7 @@ interface <dfn>HTMLScriptElement</dfn> : <span>HTMLElement</span> {
[<span>CEReactions</span>] attribute DOMString? <span data-x="dom-script-crossOrigin">crossOrigin</span>;
[<span>CEReactions</span>] attribute DOMString <span data-x="dom-script-text">text</span>;
[<span>CEReactions</span>] attribute DOMString <span data-x="dom-script-integrity">integrity</span>;
[<span>CEReactions</span>] attribute DOMString <span data-x="dom-script-referrerPolicy">referrerPolicy</span>;

};</pre>
</dd>
Expand Down Expand Up @@ -57478,8 +57480,9 @@ interface <dfn>HTMLScriptElement</dfn> : <span>HTMLElement</span> {
defined for the format used. The <code data-x="attr-script-src">src</code>, <code
data-x="attr-script-async">async</code>, <code data-x="attr-script-nomodule">nomodule</code>,
<code data-x="attr-script-defer">defer</code>, <code
data-x="attr-script-crossorigin">crossorigin</code>, and <code
data-x="attr-script-integrity">integrity</code> attributes must not be specified.</p>
data-x="attr-script-crossorigin">crossorigin</code>, <code
data-x="attr-script-integrity">integrity</code>, and <code
data-x="attr-script-referrerpolicy">referrerpolicy</code> attributes must not be specified.</p>

<p>The <dfn><code data-x="attr-script-nomodule">nomodule</code></dfn> attribute is a <span>boolean
attribute</span> that prevents a script from being executed in user agents that support
Expand Down Expand Up @@ -57560,11 +57563,27 @@ interface <dfn>HTMLScriptElement</dfn> : <span>HTMLElement</span> {
<span>module script</span> or when the <code data-x="attr-script-src">src</code> attribute is not
specified. <ref spec="SRI"></p>

<p>The <dfn><code data-x="attr-script-referrerpolicy">referrerpolicy</code></dfn> attribute is a
<span>referrer policy attribute</span>. Its purpose is to set the <span>referrer policy</span>
used when <span data-x="concept-fetch">fetching</span> the script, as well as any scripts imported
from it. <ref spec=REFERRERPOLICY></p>

<div class="example">
<p>An example of a &lt;script>'s referrer policy being used when fetching imported scripts but
not other subresources.</p>

<pre>&lt;script src="main.js" referrerpolicy="origin">
fetch('/api/data'); // not fetched with &lt;script>'s referrer policy
import('./utils.js'); // is fetched with &lt;script>'s referrer policy ("origin" in this case)
&lt;/script></pre>
</div>

<p>Changing the <code data-x="attr-script-src">src</code>, <code
data-x="attr-script-type">type</code>, <code data-x="attr-script-nomodule">nomodule</code>, <code
data-x="attr-script-async">async</code>, <code data-x="attr-script-defer">defer</code>, <code
data-x="attr-script-crossorigin">crossorigin</code>, and <code
data-x="attr-script-integrity">integrity</code> attributes dynamically has no direct effect; these
data-x="attr-script-crossorigin">crossorigin</code>, <code
data-x="attr-script-integrity">integrity</code>, and <code
data-x="attr-script-referrerpolicy">referrerpolicy</code> attributes dynamically has no direct effect; these
attributes are only used at specific times described below.</p> <!-- by implication, changes to
the base URL also have no effect -->

Expand All @@ -57576,6 +57595,10 @@ interface <dfn>HTMLScriptElement</dfn> : <span>HTMLElement</span> {
data-x="dom-script-integrity">integrity</code></dfn>, must each <span>reflect</span> the
respective content attributes of the same name.</p>

<p>The <dfn><code data-x="dom-script-referrerPolicy">referrerPolicy</code></dfn> IDL attribute must
<span>reflect</span> the <code data-x="attr-script-referrerpolicy">referrerpolicy</code> content
attribute, <span>limited to only known values</span>.</p>

<p>The <dfn><code data-x="dom-script-crossOrigin">crossOrigin</code></dfn> IDL attribute must
<span>reflect</span> the <code data-x="attr-script-crossorigin">crossorigin</code> content
attribute, <span>limited to only known values</span>.</p>
Expand Down Expand Up @@ -58072,25 +58095,21 @@ o............A....e

</li>

<li><p>Let <var>referrer policy</var> be the current state of the element's <code
data-x="attr-script-referrerpolicy">referrerpolicy</code> content attribute.</p></li>

<li><p>Let <var>parser metadata</var> be "<code data-x="">parser-inserted</code>" if the
<code>script</code> element has been flagged as <span>"parser-inserted"</span>, and
"<code data-x="">not-parser-inserted</code>" otherwise.</p></li>

<li>
<p>Let <var>options</var> be a <span>script fetch options</span> whose <span
data-x="concept-script-fetch-options-nonce">cryptographic nonce</span> is <var>cryptographic
nonce</var>, <span data-x="concept-script-fetch-options-integrity">integrity metadata</span> is
<var>integrity metadata</var>, <span data-x="concept-script-fetch-options-parser">parser
metadata</span> is <var>parser metadata</var>, <span
data-x="concept-script-fetch-options-credentials">credentials mode</span> is <var>module script
credentials mode</var>, and <span data-x="concept-script-fetch-options-referrer-policy">referrer
policy</span> is the empty string.</p>

<p class="note">See <a
href="https://github.com/w3c/webappsec-referrer-policy/issues/96">w3c/webappsec-referrer-policy#96</a>
for future plans to add a <code data-x="">referrerpolicy</code> attribute to <code>script</code>
elements.
</p>
<li><p>Let <var>options</var> be a <span>script fetch options</span> whose <span
data-x="concept-script-fetch-options-nonce">cryptographic nonce</span> is <var>cryptographic
nonce</var>, <span data-x="concept-script-fetch-options-integrity">integrity metadata</span> is
<var>integrity metadata</var>, <span data-x="concept-script-fetch-options-parser">parser
metadata</span> is <var>parser metadata</var>, <span
data-x="concept-script-fetch-options-credentials">credentials mode</span> is <var>module script
credentials mode</var>, and <span data-x="concept-script-fetch-options-referrer-policy">referrer
policy</span> is <var>referrer policy</var>.</p></li>

<li><p>Let <var>settings object</var> be the element's <span>node document</span>'s
<code>Window</code> object's <span>environment settings object</span>.</p></li>
Expand Down Expand Up @@ -86799,7 +86818,7 @@ interface <dfn>ApplicationCache</dfn> : <span>EventTarget</span> {
a script">preparing a script</span>, and should not be used directly by other specifications.</p>

<p>To perform the <dfn>internal module script graph fetching procedure</dfn> given a
<var>url</var>, a <var>fetch client settings object</var>, a <var>destination</var>, a some
<var>url</var>, a <var>fetch client settings object</var>, a <var>destination</var>, some
<var>options</var>, a <var>module map settings object</var>, a <var>visited set</var>, a
<var>referrer</var>, and a <var>top-level module fetch</var> flag, perform these steps. The
algorithm will asynchronously complete with either null (on failure) or a <span>module
Expand Down Expand Up @@ -116716,7 +116735,8 @@ interface <dfn>External</dfn> {
<code data-x="attr-script-async">async</code>;
<code data-x="attr-script-defer">defer</code>;
<code data-x="attr-script-crossorigin">crossorigin</code>;
<code data-x="attr-script-integrity">integrity</code></td>
<code data-x="attr-script-integrity">integrity</code>;
<code data-x="attr-script-referrerpolicy">referrerpolicy</code></td>
<td><code>HTMLScriptElement</code></td>
</tr>

Expand Down Expand Up @@ -118234,7 +118254,8 @@ interface <dfn>External</dfn> {
<code data-x="attr-hyperlink-referrerpolicy">area</code>;
<code data-x="attr-iframe-referrerpolicy">iframe</code>;
<code data-x="attr-img-referrerpolicy">img</code>;
<code data-x="attr-link-referrerpolicy">link</code>
<code data-x="attr-link-referrerpolicy">link</code>;
<code data-x="attr-script-referrerpolicy">script</code>
<td> <span>Referrer policy</span> for <span data-x="concept-fetch">fetches</span> initiated by the element
<td> <span>Referrer policy</span>
<tr>
Expand Down

0 comments on commit 0d28f8f

Please sign in to comment.