Re: ACTION-61: text for embedding part of the Window object

Ian Hickson wrote:

>> And this doesn't really address the concern I raised about window.name 
>> (and window targeting) seeing names set by some other site when it 
>> opened you in a popup...
> 
> That wasn't what the bug was about; could you elaborate on this concern 
> further? I'm not sure I remember which it was.

evil.com has:

var win = window.open("http://victim.com", "login-popup");

Now if victim.com does a window.open() into login-popup, not only does it 
overwrite itself (possibly unexpected), but evil.com gets a handle to the 
login-popup window.  Generally unexpected behavior all around....

It almost seems like window names should be scoped to origins....  But I bet 
that would break some site somewhere.  :(

-Boris

Received on Tuesday, 5 June 2007 06:36:02 UTC