[Webkit-unassigned] [Bug 17111] New: Unable to set window.opener to null

Thu Jan 31 01:45:53 PST 2008

http://bugs.webkit.org/show_bug.cgi?id=17111

           Summary: Unable to set window.opener to null
           Product: WebKit
           Version: 525+ (Nightly build)
          Platform: All
               URL: http://crypto.stanford.edu/~abarth/research/webkit/gmail
                    /
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Frames
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: hk9565 at gmail.com
                CC: sam at webkit.org, webkit at collinjackson.com

Frames are unable to set their window.opener property to null.

Webmail sites, such as Gmail, commonly set window.opener to null when following
hyperlinks to prevent the destination page from navigating the user away from
their webmail session.  If the user fails to notice the location bar has
changed, they might fall victim to a spoofing attack.

Internet Explorer, Firefox, and Opera all permit sites to set their
window.opener property to null.

Steps to reproduce:
1) Send yourself a Gmail message with a hyperlink to
   <http://crypto.stanford.edu/~abarth/research/webkit/gmail/>.
2) Click the hyperlink in Gmail.
3) Click the 'alert(window.opener === null);' button.
4) Click the 'window.opener.location = "http://www.yahoo.com/";' button.

Expected results:
1) Clicking the first button alerts "true".
2) Clicking the second button throws a null pointer exception.

Actual results:
1) Clicking the first button alert "false".
2) Clicking the second button navigates Gmail to http://www.yahoo.com/.

I think this should be straight-forward to fix, but I don't have a patch in
hand yet.

-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.