[whatwg] no referer attrribute for <a>, same reason as ping

Tyler Close tyler.close at gmail.com
Wed Jan 18 14:02:54 PST 2006


I wrote:
> It would be nice to be able to directly specify the referer behaviour
> on the <a> element, instead of resorting to the same trickery
> currently used for click tracking.

Here's a concrete proposal for what this could be:

The <a> element gets a new attribute named "referer" [sic]. The
possible values are: "none|site|path|page", where the value of the
Referer header is:

"none": The Referer header must not be sent
"site": The request URI, stripped of the path and query components
"path": The request URI, stripped of the query component
"page": The request URI

For example, for a document fetched from
<http://example.com/a/b/c?q#f>, the Referer for a clicked <a> element
would be:

"none": No Referer sent
"site": http://example.com/
"path": http://example.com/a/b/c
"page": http://example.com/a/b/c?q

In an ideal world, it might be nice to also have a "link" option,
where the Referer header would contain the request URI with a fragment
appended, whose value is the "name" attribute of the clicked <a>
element. This feature would give us a kind of bidirectional link.
Unfortunately, RFC 2616 forbids fragments in the Referer header.

I think the "none" option is really important for making it easier to
produce secure web applications. The other options are "nice to
haves".

Tyler

--
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/

Name your trusted sites to distinguish them from phishing sites.
https://addons.mozilla.org/extensions/moreinfo.php?id=957



More information about the whatwg mailing list