No, mostly beacuse there's no legitimate use for setting window.opener in IE when rendering a gadget IFRAME at this point, as far as I know.
That said, the library could be used pretty directly (or adapted to do the same), so I'd be happy to add it if you think it's important. John On Thu, Jul 24, 2008 at 5:54 PM, Brian Eaton <[EMAIL PROTECTED]> wrote: > Quick functionality check: does this restore window.opener to it's > original value after working it's evil magic? > > On Thu, Jul 24, 2008 at 4:44 PM, John Hjelmstad <[EMAIL PROTECTED]> wrote: > > All, > > > > As commented in http://issues.apache.org/jira/browse/SHINDIG-416, to the > > best of my knowledge all security concerns with the IE > window.opener-based > > technique have been resolved. The patch works and is very fast, > significant > > benefits atop which we can build lots of cool functionality IMHO. As > such, > > I'm inclined to commit this patch. > > > > But I want to tread very cautiously, so I'm putting out a call for > dissent. > > Does anyone object to committing this? Are there any specific security > > concerns or unaccounted-for attack vectors? > > > > Thanks, > > John > > >
