On 20/03/07, Gareth Hay <[EMAIL PROTECTED]> wrote:
Anyway, for use case 1 - If you are worried about phishing attacks, you should be using some sort of onunload handler trapping to null window.opener.
Yet you are arguing that it should be impossible to set window.opener. If you had your way that unload handler would simply throw an exception... I will not follow up this discussion further because it is not relevant for the proposed window.open extension. I still think it would be useful to allow a page to open a popup without a window.opener property to protect itself from malicious address modification. -- Hallvord R. M. Steen