Ian Hickson wrote:

And this doesn't really address the concern I raised about window.name (and window targeting) seeing names set by some other site when it opened you in a popup...

That wasn't what the bug was about; could you elaborate on this concern further? I'm not sure I remember which it was.

evil.com has:

var win = window.open("http://victim.com", "login-popup");

Now if victim.com does a window.open() into login-popup, not only does it overwrite itself (possibly unexpected), but evil.com gets a handle to the login-popup window. Generally unexpected behavior all around....

It almost seems like window names should be scoped to origins.... But I bet that would break some site somewhere. :(

-Boris
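
The scenario in this message, as an added example that is not part of the original thread: a simplified JavaScript model (runnable in Node.js) that compares shared window names with the origin-scoped names suggested above. The `Browser` class, the `scenario` function and the `nameOwner` field are hypothetical, and the model omits the other rules real browsers apply to name lookup.

```javascript
// Simplified model (assumption): every window has a url and a name, and
// window.open(url, name) reuses an existing window with that name if found.
class Browser {
  constructor(scopeNamesToOrigin) {
    this.scopeNamesToOrigin = scopeNamesToOrigin; // false = names shared by all origins
    this.windows = [];
  }
  // A tab the user opened directly: no name, no owner of the name.
  newTab(url) {
    return this.create(url, "", null);
  }
  create(url, name, nameOwner) {
    const win = { id: this.windows.length, url, name, nameOwner };
    this.windows.push(win);
    return win;
  }
  // Models script in `caller` running window.open(url, name); returns the handle.
  open(caller, url, name) {
    const callerOrigin = new URL(caller.url).origin;
    const existing = this.windows.find(w =>
      w.name === name &&
      (!this.scopeNamesToOrigin || w.nameOwner === callerOrigin));
    if (existing) {
      existing.url = url; // the existing window is navigated, not a new one
      return existing;
    }
    return this.create(url, name, callerOrigin); // name recorded with the origin that set it
  }
}

function scenario(scopeNamesToOrigin) {
  const b = new Browser(scopeNamesToOrigin);
  const evil = b.newTab("http://evil.com/");
  // evil.com opens victim.com in a popup and picks the popup's name.
  const evilHandle = b.open(evil, "http://victim.com/", "login-popup");
  // victim.com, running inside that popup, opens what it believes is its own login popup.
  const victimHandle = b.open(evilHandle, "http://victim.com/login", "login-popup");
  return {
    victimOverwroteItself: victimHandle === evilHandle,
    evilHoldsLoginWindow: evilHandle.url === "http://victim.com/login",
    windowCount: b.windows.length,
  };
}

console.log("shared names:       ", scenario(false));
console.log("origin-scoped names:", scenario(true));
```
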
