[whatwg] window.opener and security

Hallvord R M Steen hallvors at gmail.com
Tue Mar 20 07:46:32 PDT 2007

On 20/03/07, timeless <timeless at gmail.com> wrote:
> On 3/20/07, Hallvord R M Steen <hallvors at gmail.com> wrote:
> > http://my.opera.com/hallvors/blog/2007/03/14/window-opener-and-security-an-unfixable-problem

> I believe you'll find that Gmail does not have this problem, because
> when it uses window.open, it opens a gmail page which then triggers a
> server side redirect, and that destroys the window.opener link.

This is incorrect. window.opener survives the redirect and still
points to the opener window.

javascript: void(window.open( 'http://hallvord.com/temp/redir.php'))

Hallvord R. M. Steen

More information about the whatwg mailing list