[whatwg] Proposal for Links to Unrelated Browsing Contexts
simonp at opera.com
Thu Jun 14 00:59:21 PDT 2012
On Thu, 14 Jun 2012 01:44:12 +0200, Michal Zalewski <lcamtuf at coredump.cx> wrote:
>> Any feedback on this revised approach?
> My vague concern is that the separation is a bit fuzzy, beyond saying
> that window.opener will be null... if that's the only guaranteed
> outcome, then maybe that should be spelled out more clearly?

rel=noreferrer already has this feature, FWIW.

"This keyword also causes the opener attribute to remain null if the
hyperlink creates a new browsing context."

> degree of separation between browsing contexts is intuitive in the
> case of Chrome, given the underlying implementations, but will it be
> the same for Internet Explorer or Firefox or Safari?
> Let's assume that there is no Chrome-style process isolation, and that
> this is only implemented as not giving the target=_unrelated document
> the ability to traverse window.opener. If the document's opener lives
> in an already-named window (perhaps unwittingly), it won't be
> prevented from acquiring the handle via open('',
> '<name_of_that_window>'), right? That may be unexpected.
> The same goes the other way - the spec subtly implies that because
> window.open('foo', '_unrelated') returns null, the opener will not be
> able to mess with the opened window, but that's not guaranteed given
> that the reference may be leaked by other means, right?
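
A static check built on the rel=noreferrer behaviour quoted in this message, added here as an example and not part of the original thread: it lists links that may open a new browsing context without rel=noreferrer, so the opened document would get a non-null window.opener. The function names and the sample markup are constructed for illustration, and the check does not cover the named-window case raised in the quoted text.

```javascript
// Added example: hypothetical helper names, constructed sample markup.
// These targets reuse an existing browsing context, so no new opener link is created.
const KEEPS_CONTEXT = new Set(['_self', '_parent', '_top']);

// Parse the attribute part of one start tag into a lower-cased name -> value map.
function parseAttrs(tagSource) {
  const attrs = new Map();
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
  let m;
  while ((m = re.exec(tagSource)) !== null) {
    const name = m[1].toLowerCase();
    // HTML keeps the first occurrence of a duplicated attribute.
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? '');
  }
  return attrs;
}

// Return the href of every <a>/<area> whose target may create a new browsing
// context and whose rel token list lacks "noreferrer".
function linksExposingOpener(html) {
  const findings = [];
  const tagRe = /<(a|area)\s((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttrs(m[2]);
    const target = (attrs.get('target') || '').trim().toLowerCase();
    if (!attrs.has('href') || target === '' || KEEPS_CONTEXT.has(target)) continue;
    // rel is a space-separated token list, compared case-insensitively.
    const rel = (attrs.get('rel') || '').toLowerCase().split(/\s+/).filter(Boolean);
    if (!rel.includes('noreferrer')) findings.push(attrs.get('href'));
  }
  return findings;
}

// Constructed sample input.
const SAMPLE = `
<a href="https://other.example/a" target="_blank">no rel</a>
<a href="https://other.example/b" target="_blank" rel="nofollow NoReferrer">ok</a>
<a href="https://other.example/c" target="_top">same context</a>
<a href='https://other.example/d' target=reports rel=nofollow>named window</a>
<area href="https://other.example/e" target="_blank" />
<a href="/local">no target</a>
`;

console.log(linksExposingOpener(SAMPLE));
```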