can persist after doing cross-origin navigation, which
means it can leak information across origins and be used as a tracking
To address this, we want to clear the window.name
when doing cross-origin
navigations. The window.name
won't persist across origins, so cannot be
used for tracking.
We also want to implement the store/restore window.name
in the session
history when doing history loads. This has been defined in HTML Standard.
Platform coverage: All
Devtools bug: Nope.
* Safari has shipped this.
* Chrome doesn't implement this.
We will add web-platform-tests for this.
This is not restricted to secure contexts.
Is this feature enabled by default in sandboxed iframes?: Yes