[Webkit-unassigned] [Bug 17111] New: Unable to set window.opener to null
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jan 31 01:45:53 PST 2008
http://bugs.webkit.org/show_bug.cgi?id=17111
Summary: Unable to set window.opener to null
Product: WebKit
Version: 525+ (Nightly build)
Platform: All
URL: http://crypto.stanford.edu/~abarth/research/webkit/gmail
/
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: Frames
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: hk9565 at gmail.com
CC: sam at webkit.org, webkit at collinjackson.com
Frames are unable to set their window.opener property to null.
Webmail sites, such as Gmail, commonly set window.opener to null when following
hyperlinks to prevent the destination page from navigating the user away from
their webmail session. If the user fails to notice the location bar has
changed, they might fall victim to a spoofing attack.
Internet Explorer, Firefox, and Opera all permit sites to set their
window.opener property to null.
Steps to reproduce:
1) Send yourself a Gmail message with a hyperlink to
<http://crypto.stanford.edu/~abarth/research/webkit/gmail/>.
2) Click the hyperlink in Gmail.
3) Click the 'alert(window.opener === null);' button.
4) Click the 'window.opener.location = "http://www.yahoo.com/";' button.
Expected results:
1) Clicking the first button alerts "true".
2) Clicking the second button throws a null pointer exception.
Actual results:
1) Clicking the first button alert "false".
2) Clicking the second button navigates Gmail to http://www.yahoo.com/.
I think this should be straight-forward to fix, but I don't have a patch in
hand yet.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list