- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 5 Jun 2007 06:47:23 +0000 (UTC)
- To: Boris Zbarsky <bzbarsky@MIT.EDU>
- Cc: "Web APIs WG (public)" <public-webapi@w3.org>
On Tue, 5 Jun 2007, Boris Zbarsky wrote: > > evil.com has: > > var win = window.open("http://victim.com", "login-popup"); > > Now if victim.com does a window.open() into login-popup, not only does it > overwrite itself (possibly unexpected), but evil.com gets a handle to the > login-popup window. Generally unexpected behavior all around.... Getting a handle to login-popup is not a big deal. You could get that anyway by just opening the login popup window yourself anyway. The fact that the site overwrites itself is a bigger concern (usability, though, not security); but I don't see what we can do about that. > It almost seems like window names should be scoped to origins.... But I > bet that would break some site somewhere. :( Indeed, I tried doing that earlier and you complained, saying it would break sites. :-) -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 5 June 2007 06:47:30 UTC