Open alancutter opened 2 years ago
I think this would be the first time that a page could get a `WindowProxy` for an existing window. The only malicious thing I can think of for what a site could do with that is call `close()`. The existing rule that a window is script-closable only if it was itself created by script should apply. It might need some additional checks that it was created by that script in particular and not another script. For example, if a.com launches b.com then c.com shouldn't be able to close the b.com window by calling `window.open("b.com")` to get a `WindowProxy` for the existing window.
> I think this would be the first time that a page could get a `WindowProxy` for an existing window.

Nah, `window.open(url, "existingwindowname")` lets you generate handles to existing windows which have set `window.name = "existingwindowname"`.
I haven't looked at this feature in detail but maybe it's a bit more dangerous since it doesn't require victim opt in?
^^ @mikewest @camillelamy for thoughts on the above
`window.open` should only allow you to grab a handle to a window you're familiar with, which requires some non-trivial existing relationship between the windows.

Mike is quite correct on "familiar with", and I am highly embarrassed.
(@domenic corrects me on stuff all the time; HTML is complicated, nothing to be embarrassed about!)
Thanks, familiar with wasn't something I was familiar with. That constraint sounds reasonable here.
I think supporting existing windows being returned as active `WindowProxy` handles from `window.open()` can be considered a future API extension at this point without much compat risk.
Ideally it continues to return a WindowProxy object for the existing window but it's not clear that that doesn't conflict or break something.
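
A simplified model of the two checks discussed in this thread, the "familiar with" relationship and script-closability, added here as an illustration and not taken from the thread or from any browser's code. The function names, the name registry and the `*.example` origins are assumptions, and script-closability is reduced to the "created by script" case mentioned above.

```javascript
// Added illustration: a simplified model of "familiar with", not browser code.
// All names (makeContext, familiarWith, findByName, canClose) are hypothetical.
function makeContext(origin, { opener = null, parent = null, createdByScript = false } = {}) {
  return { origin, opener, parent, createdByScript };
}

// Walk up the frame tree to the top-level context.
function topOf(ctx) {
  while (ctx.parent) ctx = ctx.parent;
  return ctx;
}

function familiarWith(a, b) {
  if (a.origin === b.origin) return true;                 // same origin
  if (a.parent && topOf(a) === b) return true;            // b is a's top-level context
  if (!b.parent && b.opener && familiarWith(a, b.opener)) // b was opened by a context
    return true;                                          // that a is familiar with
  for (let anc = b.parent; anc; anc = anc.parent) {       // b has an ancestor that is
    if (anc.origin === a.origin) return true;             // same origin as a
  }
  return false;
}

// Named lookup as in window.open(url, name): an existing window is only
// handed back when the caller is familiar with it.
function findByName(caller, name, registry) {
  const target = registry.get(name);
  return target && familiarWith(caller, target) ? target : null;
}

// Closing requires a script-created window and a familiar caller.
function canClose(caller, target) {
  return target.createdByScript && familiarWith(caller, target);
}

// Constructed scenario from the thread: a opens b; c is unrelated.
function demo() {
  const a = makeContext("https://a.example");
  const b = makeContext("https://b.example", { opener: a, createdByScript: true });
  const c = makeContext("https://c.example");
  const cFrameInA = makeContext("https://c.example", { parent: a });
  const registry = new Map([["bwin", b]]);
  return {
    openerGetsHandle: findByName(a, "bwin", registry) === b,
    strangerGetsHandle: findByName(c, "bwin", registry) === b,
    strangerCanClose: canClose(c, b),
    openerCanClose: canClose(a, b),
    embeddedFrameCanClose: canClose(cFrameInA, b),
  };
}
```

In this model the unrelated top-level c.example page gets no handle and cannot close the b.example window, while a c.example frame embedded in the a.example page can, because it is familiar with the opener.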