- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Tue, 05 Jun 2007 01:35:45 -0500
- To: Ian Hickson <ian@hixie.ch>
- CC: "Web APIs WG (public)" <public-webapi@w3.org>
Ian Hickson wrote:
>> And this doesn't really address the concern I raised about window.name
>> (and window targeting) seeing names set by some other site when it
>> opened you in a popup...
>
> That wasn't what the bug was about; could you elaborate on this concern
> further? I'm not sure I remember which it was.
evil.com has:
var win = window.open("http://victim.com", "login-popup");
Now if victim.com does a window.open() into login-popup, not only does it
overwrite itself (possibly unexpected), but evil.com gets a handle to the
login-popup window. Generally unexpected behavior all around....
It almost seems like window names should be scoped to origins.... But I bet
that would break some site somewhere. :(
-Boris
Received on Tuesday, 5 June 2007 06:36:02 UTC