[whatwg] window.opener and security
Hallvord R M Steen
hallvors at gmail.com
Tue Mar 20 07:50:47 PDT 2007
On 20/03/07, Gareth Hay <gazhay at gmail.com> wrote:
> Anyway, for use case 1 - If you are worried about phishing attacks,
> you should be using some sort of
> onunload handler trapping to null window.opener.
Yet you are arguing that it should be impossible to set window.opener.
If you had your way that unload handler would simply throw an
I will not follow up this discussion further because it is not
relevant for the proposed window.open extension. I still think it
would be useful to allow a page to open a popup without a
window.opener property to protect itself from malicious address
Hallvord R. M. Steen
More information about the whatwg