RESOLVED CONFIGURATION CHANGED 17111
window.opener reset to non-null after being explicitly set to null 
https://bugs.webkit.org/show_bug.cgi?id=17111
Summary window.opener reset to non-null after being explicitly set to null
Adam Barth
Reported 2008-01-31 01:45:53 PST
Frames are unable to set their window.opener property to null. Webmail sites, such as Gmail, commonly set window.opener to null when following hyperlinks to prevent the destination page from navigating the user away from their webmail session. If the user fails to notice the location bar has changed, they might fall victim to a spoofing attack. Internet Explorer, Firefox, and Opera all permit sites to set their window.opener property to null. Steps to reproduce: 1) Send yourself a Gmail message with a hyperlink to <http://crypto.stanford.edu/~abarth/research/webkit/gmail/>. 2) Click the hyperlink in Gmail. 3) Click the 'alert(window.opener === null);' button. 4) Click the 'window.opener.location = "http://www.yahoo.com/";' button. Expected results: 1) Clicking the first button alerts "true". 2) Clicking the second button throws a null pointer exception. Actual results: 1) Clicking the first button alert "false". 2) Clicking the second button navigates Gmail to http://www.yahoo.com/. I think this should be straight-forward to fix, but I don't have a patch in hand yet.
Attachments
Add attachment proposed patch, testcase, etc.
Geoffrey Garen
Comment 1 2008-01-31 11:37:21 PST
WebKit allows frames to set window.opener, just not across domains. The same is true of Firefox. I think the difference in behavior here must have some other cause.
Adam Barth
Comment 2 2008-01-31 14:36:13 PST
> I think the difference in behavior here must have some other cause. Yes, you're right. The real issue is that the window.opener property is being reset after navigation, see: http://crypto.stanford.edu/~abarth/research/webkit/gmail/open.html When you follow a link in Gmail, they first call window.open(""), and then document.write content into the open window that nulls the opener and navigates the window to the destination. WebKit is resetting the opener during navigation.
Geoffrey Garen
Comment 3 2008-01-31 14:56:13 PST
Modified title to reflect Adam's analysis.
Ahmad Saleem
Comment 4 2022-07-25 16:36:29 PDT
I am unable to reproduce this issue in Safari 15.6 on macOS 12.5 using test URL, I get following: First Button - True --> dialog box (on window.opener == null) Second Button - Nothing --> Though errors in Console to say that window-opener is null. I think since all browsers are matching each other, this can be considered as "RESOLVED CONFIGURATION CHANGED" or "RESOLVED WORKSFORME". Thanks!
Ryosuke Niwa
Comment 5 2022-07-25 20:55:03 PDT
Thanks for testing
Note You need to log in before you can comment on or make changes to this bug.