| Summary: | Calling window.open("", "_self") allows working around restrictions on window.close() | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Ali Juma <ajuma> | ||||||
| Component: | DOM | Assignee: | Ali Juma <ajuma> | ||||||
| Status: | RESOLVED FIXED | ||||||||
| Severity: | Normal | CC: | achristensen, cdumez, commit-queue, webkit-bug-importer | ||||||
| Priority: | P2 | Keywords: | InRadar | ||||||
| Version: | WebKit Nightly Build | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Attachments: |
|
||||||||
Created attachment 353388 [details]
Patch
Comment on attachment 353388 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=353388&action=review r=me > LayoutTests/fast/dom/Window/window-open-self-disallow-close.html:5 > + <div id="log"></div> Is this really needed? Created attachment 353396 [details]
Patch for landing
(In reply to Chris Dumez from comment #2) > Comment on attachment 353388 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=353388&action=review > > r=me > > > LayoutTests/fast/dom/Window/window-open-self-disallow-close.html:5 > > + <div id="log"></div> > > Is this really needed? Not needed, removed now. Comment on attachment 353396 [details] Patch for landing Clearing flags on attachment: 353396 Committed r237598: <https://trac.webkit.org/changeset/237598> All reviewed patches have been landed. Closing bug. |
Windows that haven't been opened by script can't be closed using window.close(). However, calling |window.open("", "_self")| causes the existing window to be treated as if it's been opened by script, since in DOMWindow::createWindow we call |newFrame->page()->setOpenedByDOM();| without checking if this is really a newly-created frame. This means that script can trivially workaround the restriction on window.close() by instead calling: window.open("", "_self").close() Neither Blink nor Gecko allows scripts to close windows this way.