On Tue, 5 Jun 2007, Boris Zbarsky wrote: > > evil.com has: > > var win = window.open("http://victim.com", "login-popup"); > > Now if victim.com does a window.open() into login-popup, not only does it > overwrite itself (possibly unexpected), but evil.com gets a handle to the > login-popup window. Generally unexpected behavior all around.... Getting a handle to login-popup is not a big deal. You could get that anyway by just opening the login popup window yourself anyway. The fact that the site overwrites itself is a bigger concern (usability, though, not security); but I don't see what we can do about that. > It almost seems like window names should be scoped to origins.... But I > bet that would break some site somewhere. :( Indeed, I tried doing that earlier and you complained, saying it would break sites. :-) -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'Received on Tuesday, 5 June 2007 06:47:30 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:57 GMT