[whatwg] window.opener and security

Gareth Hay gazhay at gmail.com
Tue Mar 20 08:09:24 PDT 2007

It would appear that at least the WebKit team agree about the  
window.opener being read-only.

It has resisted all attempts by me to null it or re-assign it, and as  
soon as the domains no longer match exceptions are thrown.

 From a security point of view I think this is sufficient to prevent  
your phishing example.

More information about the whatwg mailing list