|Summary:||Should allow cross-origin navigation of top-level openers|
|Product:||WebKit||Reporter:||Steen Nielsen <steen>|
|Version:||528+ (Nightly build)|
Description Steen Nielsen 2009-07-06 07:37:54 PDT
Comment 1 Mark Rowe (bdash) 2009-07-06 11:24:26 PDT
Comment 2 Sam Weinig 2009-09-22 22:16:34 PDT
Adam, do you have any thoughts on allowing a popup to navigate its opener, even if they are of different origins?
Comment 3 Adam Barth 2009-09-22 23:09:29 PDT
It sounds like the opener restriction is preventing the navigation (because example2.com is not the opener of example1.com). In general, it's hard to state a threat model in which the opener restriction buys you much security. It seems fine to allow this case, especially if that makes us more compatible with Firefox 3.5. It seems similar to allowing frame-busting (just popups instead of iframes).
Comment 4 Sam Weinig 2009-09-23 16:52:26 PDT
Created attachment 40030 [details] patch
Comment 5 Adam Barth 2009-09-23 18:42:14 PDT
Comment on attachment 40030 [details] patch Precisely.