[whatwg] Proposal for Links to Unrelated Browsing Contexts

Charlie Reis creis at chromium.org
Wed Jun 6 16:56:47 PDT 2012


I'm hoping to bypass all of those by overriding any specification of target
in the link.  That is, if "rel=unrelated" is specified, that forces target
to be "_blank".

Charlie

On Wed, Jun 6, 2012 at 4:53 PM, Michal Zalewski <lcamtuf at coredump.cx> wrote:

> Several questions:
>
> 1) How would this mechanism work with named windows (which may be targeted
> by means other than accessing opener.*)? In certain implementations (e.g.,
> Chrome), the separation in this namespace comes free, but that's not given
> for other browsers. There are ways in which the attacker could, for
> example, load GMail in a window that already has window.name set.
>
> 2) What would be the behavior of a rel=unrelated link with target=
> pointing to an existing iframe on the page? Could it work in any useful way?
>
> 3) What about the same with target= pointing to an existing window? Would
> that window become isolated? What would happen to the 'back' button /
> history.back()?
>
>



More information about the whatwg mailing list