- From: Michal Zalewski <lcamtuf@coredump.cx>
- Date: Wed, 6 Jun 2012 16:53:19 -0700
- To: Charlie Reis <creis@chromium.org>
- Cc: whatwg@lists.whatwg.org
Several questions:

1) How would this mechanism work with named windows (which may be targeted by means other than accessing opener.*)? In certain implementations (e.g., Chrome), the separation in this namespace comes free, but that's not given for other browsers. There are ways in which the attacker could, for example, load GMail in a window that already has window.name set.

2) What would be the behavior of a rel=unrelated link with target= pointing to an existing iframe on the page? Could it work in any useful way?

3) What about the same with target= pointing to an existing window? Would that window become isolated? What would happen to the 'back' button / history.back()?

Received on Wednesday, 6 June 2012 23:54:11 UTC