Re: [whatwg] Proposal for Links to Unrelated Browsing Contexts

From: Michal Zalewski <lcamtuf@coredump.cx>
Date: Wed, 6 Jun 2012 16:53:19 -0700
Message-ID: <CALx_OUBMs43=jkf2AU_WAq3WsUQ0pZ8QTASMzt5L21HNrrOong@mail.gmail.com>
To: Charlie Reis <creis@chromium.org>
Cc: whatwg@lists.whatwg.org

Several questions:

1) How would this mechanism work with named windows (which may be targeted
by means other than accessing opener.*)? In certain implementations (e.g.,
Chrome), the separation in this namespace comes free, but that's not given
for other browsers. There are ways in which the attacker could, for
example, load GMail in a window that already has window.name set.

2) What would be the behavior of a rel=unrelated link with target= pointing
to an existing iframe on the page? Could it work in any useful way?

3) What about the same with target= pointing to an existing window? Would
that window become isolated? What would happen to the 'back' button /
history.back()?

Received on Wednesday, 6 June 2012 23:54:11 UTC
