The SVGAElement interface in SVG 2.0 allows manipulation of <a> elements similar to HTML anchor elements. Supporting the rel and relList attributes enhances security and privacy for developers. This alignment with HTML anchor elements ensures consistency and ease of use across web technologies.
SVG 2.0 specifies the rel and relList attributes in the SVGAElement interface. Similar to its HTML counterpart, the rel attribute (with values like "noreferrer" and "noopener") is useful for enhancing both privacy and security. Currently, the absence of these attributes for SVGAElement introduces several security and privacy risks: - Cross-Site Scripting (XSS): Without noopener and noreferrer, SVG links can be exploited for XSS attacks, potentially stealing sensitive information. - Reverse Tabnabbing: Without noopener, an attacker can manipulate the original page using the window.opener property, redirecting it to a malicious site. - Referrer Leakage: Without noreferrer, the URL of the referring page is sent to the linked site, exposing sensitive information about the user's browsing history. Overall, the lack of support for these attributes in Chrome's implementation of SVG 2.0 can lead to increased development complexity, potential inconsistencies in user experience, and heightened security and privacy risks. Adding this feature will mitigate these risks and narrow the gap in SVG 2.0 implementation. Both Safari and Firefox already support this functionality. If Chromium adopts this feature, it will enhance interoperability across browsers, providing a more consistent experience for web authors.
Docs: https://docs.google.com/document/d/1ejVVjucwrfzXSk-W8r5TPMbzk6F25D-eUkD6YInOJFE/edit?tab=t.0