Re: [whatwg] Proposal for Links to Unrelated Browsing Contexts

Several questions:

1) How would this mechanism work with named windows (which may be targeted
by means other than accessing opener.*)? In certain implementations (e.g.,
Chrome), the separation in this namespace comes free, but that's not given
for other browsers. There are ways in which the attacker could, for
example, load GMail in a window that already has window.name set.

2) What would be the behavior of a rel=unrelated link with target= pointing
to an existing iframe on the page? Could it work in any useful way?

3) What about the same with target= pointing to an existing window? Would
that window become isolated? What would happen to the 'back' button /
history.back()?

Received on Wednesday, 6 June 2012 23:54:11 UTC