- From: Michal Zalewski <lcamtuf@coredump.cx>
- Date: Wed, 13 Jun 2012 16:44:12 -0700
- To: Charlie Reis <creis@chromium.org>
- Cc: whatwg@whatwg.org, Bjartur Thorlacius <svartman95@gmail.com>, Glenn Maynard <glenn@zewt.org>, Adam Barth <w3c@adambarth.com>
> Any feedback on this revised approach?

My vague concern is that the separation is a bit fuzzy, beyond saying that window.opener will be null... if that's the only guaranteed outcome, then maybe that should be spelled out more clearly? The degree of separation between browsing contexts is intuitive in the case of Chrome, given the underlying implementation, but will it be the same for Internet Explorer, Firefox, or Safari?

Let's assume that there is no Chrome-style process isolation, and that this is only implemented as not giving the target=_unrelated document the ability to traverse window.opener. If the document's opener lives in an already-named window (perhaps unwittingly), it won't be prevented from acquiring the handle via open('', '<name_of_that_window>'), right? That may be unexpected.

The same goes the other way: the spec subtly implies that because window.open('foo', '_unrelated') returns null, the opener will not be able to mess with the opened window, but that's not guaranteed given that the reference may be leaked by other means, right?

/mz
Received on Wednesday, 13 June 2012 23:55:22 UTC