[whatwg] window.opener and security
Hallvord R M Steen
hallvors at gmail.com
Tue Mar 20 08:45:47 PDT 2007
> 1) Either it is your responsibility to handle the nulling of the
> property *or*
> 2) It is the UA's.
The UA can not do this. It would break legacy pages by resetting
window.opener if content comes from a different server.
> I personally think the UA should handle it (as stated previously)
> **BUT** if they do not, you *ARE* responsible for programming
> correctly and using an unload to null the property when someone
> navigates away.
Wouldn't it then be cleaner to be able to tell the UA in advance that
the window should not have an .opener property?
> **AND** you seem to want this extension to cure a problem, that is
> also cured by window.opener.opener
You mean window.top.opener . No, that issue is in no way related to
the suggested extension.
--
Hallvord R. M. Steen
More information about the whatwg
mailing list