- From: Gareth Hay <gazhay@gmail.com>
- Date: Tue, 20 Mar 2007 15:03:01 +0000
I think you are deliberately missing the point now... On 20 Mar 2007, at 14:50, Hallvord R M Steen wrote: > On 20/03/07, Gareth Hay <gazhay at gmail.com> wrote: >> Anyway, for use case 1 - If you are worried about phishing attacks, >> you should be using some sort of >> onunload handler trapping to null window.opener. > > Yet you are arguing that it should be impossible to set window.opener. > If you had your way that unload handler would simply throw an > exception... > As was clearly stated, I showed a workaround and then suggested it should be up to the UA to handle this situation. It is not helpful to deliberately misunderstand points, and quote them out of context. I suggest you re-read my mail. > I will not follow up this discussion further because it is not > relevant for the proposed window.open extension. I still think it > would be useful to allow a page to open a popup without a > window.opener property to protect itself from malicious address > modification. I also clearly stated on topic why I don't think this is required. So that you didn't miss the point again, (deliberately or not) 1) Either it is your responsibility to handle the nulling of the property *or* 2) It is the UA's. I personally think the UA should handle it (as stated previously) **BUT** if they do not, you *ARE* responsible for programming correctly and using an unload to null the property when someone navigates away. **AND** you seem to want this extension to cure a problem, that is also cured by window.opener.opener Gareth
Received on Tuesday, 20 March 2007 08:03:01 UTC