[Webkit-unassigned] [Bug 20642] New: Adopt opener restriction for top-level frame navigation

Thu Sep 4 02:20:12 PDT 2008

https://bugs.webkit.org/show_bug.cgi?id=20642

           Summary: Adopt opener restriction for top-level frame navigation
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
               URL: http://blogs.msdn.com/ie/archive/2008/09/02/ie8-
                    security-part-vi-beta-2-update.aspx
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Frames
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: abarth at webkit.org
                CC: sam at webkit.org, collinj at webkit.org

Both IE 8 beta 2 and Firefox 3 now support the "opener restriction" for
navigation of top-level frames.  We discussed this a number of months ago when
we did the initial frame navigation work, but opted not to implement the
restriction.  Here is what it does:

Suppose window X opens window Y via window.open(...).  If window Z tries to
navigate Y, the navigation will be blocked if Z is not the same origin as X
(the opener of Y).

I'm not convinced the opener restriction actually prevents any real attacks,
but it's probably worth matching the behavior of other browsers.  (Opera has a
very complex policy for top-level windows, for example caring if a window is
showing an HTTPS page or not).

For some older context, see
http://crypto.stanford.edu/websec/frames/navigation/

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.