All, As commented in http://issues.apache.org/jira/browse/SHINDIG-416, to the best of my knowledge all security concerns with the IE window.opener-based technique have been resolved. The patch works and is very fast, significant benefits atop which we can build lots of cool functionality IMHO. As such, I'm inclined to commit this patch.
But I want to tread very cautiously, so I'm putting out a call for dissent. Does anyone object to committing this? Are there any specific security concerns or unaccounted-for attack vectors? Thanks, John
