[whatwg] window.opener and security
Hallvord R M Steen
hallvors at gmail.com
Tue Mar 20 07:46:32 PDT 2007
On 20/03/07, timeless <timeless at gmail.com> wrote:
> On 3/20/07, Hallvord R M Steen <hallvors at gmail.com> wrote:
> > http://my.opera.com/hallvors/blog/2007/03/14/window-opener-and-security-an-unfixable-problem
> I believe you'll find that Gmail does not have this problem, because
> when it uses window.open, it opens a gmail page which then triggers a
> server side redirect, and that destroys the window.opener link.
This is incorrect. window.opener survives the redirect and still
points to the opener window.
javascript: void(window.open( 'http://hallvord.com/temp/redir.php'))
--
Hallvord R. M. Steen
More information about the whatwg
mailing list