[whatwg] window.opener and security

Hallvord R M Steen hallvors at gmail.com
Tue Mar 20 07:50:47 PDT 2007

On 20/03/07, Gareth Hay <gazhay at gmail.com> wrote:
> Anyway, for use case 1 - If you are worried about phishing attacks,
> you should be using some sort of
> onunload handler trapping to null window.opener.

Yet you are arguing that it should be impossible to set window.opener.
If you had your way that unload handler would simply throw an

I will not follow up this discussion further because it is not
relevant for the proposed window.open extension. I still think it
would be useful to allow a page to open a popup without a
window.opener property to protect itself from malicious address

Hallvord R. M. Steen

More information about the whatwg mailing list