- From: Michal Zalewski <lcamtuf@coredump.cx>
- Date: Wed, 13 Jun 2012 16:44:12 -0700
- To: Charlie Reis <creis@chromium.org>
- Cc: whatwg@whatwg.org, Bjartur Thorlacius <svartman95@gmail.com>, Glenn Maynard <glenn@zewt.org>, Adam Barth <w3c@adambarth.com>
> Any feedback on this revised approach?
My vague concern is that the separation is a bit fuzzy, beyond saying
that window.opener will be null... if that's the only guaranteed
outcome, then maybe that should be spelled out more clearly? The
degree of separation between browsing contexts is intuitive in the
case of Chrome, given the underlying implementations, but will it be
the same for Internet Explorer or Firefox or Safari?
Let's assume that there is no Chrome-style process isolation, and that
this is only implemented as not giving the target=_unrelated document
the ability to traverse window.opener. If the document's opener lives
in an already-named window (perhaps unwittingly), it won't be
prevented from acquiring the handle via open('',
'<name_of_that_window>'), right? That may be unexpected.
The same goes the other way - the spec subtly implies that because
window.open('foo', '_unrelated') returns null, the opener will not be
able to mess with the opened window, but that's not guaranteed given
that the reference may be leaked by other means, right?
/mz
Received on Wednesday, 13 June 2012 23:55:22 UTC