[whatwg] Proposal for Links to Unrelated Browsing Contexts

Michal Zalewski lcamtuf at coredump.cx
Wed Jun 6 16:53:19 PDT 2012


Several questions:

1) How would this mechanism work with named windows (which may be targeted
by means other than accessing opener.*)? In certain implementations (e.g.,
Chrome), the separation in this namespace comes free, but that's not given
for other browsers. There are ways in which the attacker could, for
example, load GMail in a window that already has window.name set.

2) What would be the behavior of a rel=unrelated link with target= pointing
to an existing iframe on the page? Could it work in any useful way?

3) What about the same with target= pointing to an existing window? Would
that window become isolated? What would happen to the 'back' button /
history.back()?


