- From: Gareth Hay <gazhay@gmail.com>
- Date: Tue, 20 Mar 2007 15:09:24 +0000
It would appear that at least the WebKit team agree about the window.opener being read-only. It has resisted all attempts by me to null it or re-assign it, and as soon as the domains no longer match exceptions are thrown. From a security point of view I think this is sufficient to prevent your phishing example.
Received on Tuesday, 20 March 2007 08:09:24 UTC