Re: ACTION-61: text for embedding part of the Window object

On Tue, 5 Jun 2007, Boris Zbarsky wrote:
> 
> evil.com has:
> 
> var win = window.open("http://victim.com", "login-popup");
> 
> Now if victim.com does a window.open() into login-popup, not only does it
> overwrite itself (possibly unexpected), but evil.com gets a handle to the
> login-popup window.  Generally unexpected behavior all around....

Getting a handle to login-popup is not a big deal. You could get that 
anyway by just opening the login popup window yourself anyway. The fact 
that the site overwrites itself is a bigger concern (usability, though, 
not security); but I don't see what we can do about that.


> It almost seems like window names should be scoped to origins....  But I 
> bet that would break some site somewhere.  :(

Indeed, I tried doing that earlier and you complained, saying it would 
break sites. :-)

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Tuesday, 5 June 2007 06:47:30 UTC