W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2012

Re: [whatwg] Proposal for Links to Unrelated Browsing Contexts

From: Charlie Reis <creis@chromium.org>
Date: Wed, 6 Jun 2012 16:56:47 -0700
Message-ID: <CAH+8MBY6D7Hcuny6O-NBO10YhzCjHoJsciWEhAae89N464i3Gg@mail.gmail.com>
To: Michal Zalewski <lcamtuf@coredump.cx>
Cc: whatwg@lists.whatwg.org
I'm hoping to bypass all of those by overriding any specification of target
in the link.  That is, if "rel=unrelated" is specified, that forces target
to be "_blank".

Charlie

On Wed, Jun 6, 2012 at 4:53 PM, Michal Zalewski <lcamtuf@coredump.cx> wrote:

> Several questions:
>
> 1) How would this mechanism work with named windows (which may be targeted
> by means other than accessing opener.*)? In certain implementations (e.g.,
> Chrome), the separation in this namespace comes free, but that's not given
> for other browsers. There are ways in which the attacker could, for
> example, load GMail in a window that already has window.name set.
>
> 2) What would be the behavior of a rel=unrelated link with target=
> pointing to an existing iframe on the page? Could it work in any useful way?
>
> 3) What about the same with target= pointing to an existing window? Would
> that window become isolated? What would happen to the 'back' button /
> history.back()?
>
>
Received on Wednesday, 6 June 2012 23:57:16 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:43 UTC