[whatwg] window.opener and security

Martijn martijn.martijn at gmail.com
Tue Mar 20 07:53:55 PDT 2007


2007/3/20, Hallvord R M Steen <hallvors at gmail.com>:
> On 20/03/07, timeless <timeless at gmail.com> wrote:
> > On 3/20/07, Hallvord R M Steen <hallvors at gmail.com> wrote:
> > > http://my.opera.com/hallvors/blog/2007/03/14/window-opener-and-security-an-unfixable-problem
>
> > I believe you'll find that Gmail does not have this problem, because
> > when it uses window.open, it opens a gmail page which then triggers a
> > server side redirect, and that destroys the window.opener link.
>
> This is incorrect. window.opener survives the redirect and still
> points to the opener window.
>
> javascript: void(window.open( 'http://hallvord.com/temp/redir.php'))

I don't know what GMail is doing, but I think a
window.open('','_self') would destroy the original window.opener.

Regards,
Martijn
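
The three claims in this thread can be checked in your own browser with a small local test bench. This is an added example, not part of the original message; the paths `/redir` and `/target`, the port, and the `route` helper are assumptions made for illustration.

```javascript
// Added test bench, not code from the thread. Paths, port and names are assumptions.
// Run with: node bench.js --serve   then open http://127.0.0.1:8000/
const PAGES = {
  // Opener page: the same redirecting URL opened with and without 'noopener'.
  '/': `<!doctype html><title>opener</title>
<button onclick="window.open('/redir')">plain window.open via redirect</button>
<button onclick="window.open('/redir', '_blank', 'noopener')">same, with noopener</button>`,
  // Target page: reports whether it still holds a reference to its opener,
  // and lets you retry after the window.open('', '_self') call suggested above.
  '/target': `<!doctype html><title>target</title>
<p id="out"></p>
<button onclick="window.open('', '_self'); report()">window.open('', '_self')</button>
<script>
function report() {
  document.getElementById('out').textContent =
    'window.opener is ' + (window.opener ? 'still set' : 'null');
}
report();
</script>`,
};

// Pure routing function, so the responses can be checked without a socket.
function route(path) {
  if (path === '/redir') {
    // Server-side redirect, standing in for the redir.php test in the thread.
    return { status: 302, headers: { Location: '/target' }, body: '' };
  }
  if (Object.prototype.hasOwnProperty.call(PAGES, path)) {
    return { status: 200, headers: { 'Content-Type': 'text/html; charset=utf-8' }, body: PAGES[path] };
  }
  return { status: 404, headers: { 'Content-Type': 'text/plain' }, body: 'not found' };
}

// Listen on loopback only, and only when explicitly asked to.
if (process.argv.includes('--serve')) {
  import('node:http').then(({ createServer }) => {
    createServer((req, res) => {
      const { status, headers, body } = route(req.url.split('?')[0]);
      res.writeHead(status, headers);
      res.end(body);
    }).listen(8000, '127.0.0.1', () => console.log('http://127.0.0.1:8000/'));
  });
}
```

A window opened with the `noopener` feature gets a null `window.opener`, so the second button shows the severed case next to the plain one.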