This is supposedly: Google Chrome 11.0.696.77 (Official Build 87952) WebKit 534.24
Clicks on a link on a tweet via twitter's page cause the referred-to page to come up in a new tab, then immediately close. I can tweet out http://www.uniteful.com/35 and the link will appear in my stream. Upon clicking, the link comes up very quickly in a new tab. Then, that same tab closes after less than 100ms or so. This behavior happens in Chrome on both OSX and Windows, and also Safari. It doesn't happen in Firefox, IE7 (Win), or Opera (10.6 for Win, 11.11 for OSX). If I turn off Javascript in Safari, the behavior stops. But I can't seem to track down what bit of JS might be responsible for this.
From briefly debugging the issue, window.close() is being called in the .ready() handler (http://api.jquery.com/ready/) in <http://www.uniteful.com/javascripts/application.js> when the script detects that the window was opened from another window.
Some investigation on Firebug tells me that Firefox's origin policy prohibits reload: Permission denied to access property 'reload' [Break On This Error] window.opener.location.reload(true); So maybe that's what we need to do.
Interesting. Yeah, I don't think we have security checks on reload. Maybe we should.
(In reply to comment #4) > Interesting. Yeah, I don't think we have security checks on reload. Maybe we should. I think we should. You can trigger a replay attack if websites aren't careful about URL they open.
Fine catch from dbates on the misplaced popup-closing code in the ready function. I've taken that out of the www.uniteful.com code, but here's the original offending bit for reference: <script src="/javascripts/jquery-1.4.2.min.js" type="text/javascript"></script> (function($){ $(document).ready(function(){ // ... if(window.opener) { window.opener.location.reload(true); window.close() } }); })(jQuery);
Adam, do you think it is a security bug ?
> Adam, do you think it is a security bug ? Nope.
I've put the original broken page back up for ease-of-repro along with a link to a version without that document.close in the document.ready handler: http://webkit.con.com/linking.html
I tried to create a http test but I don't know how I can emulate opening a link by a mouse click.
> window.opener.location.reload(true); > window.close() Even though Firefox bails out with an assertion on reload() in this particular example, wouldn't it have prevented close(), if reached? I think that Firefox rarely allows programmatic close(). > I tried to create a http test but I don't know how I can emulate opening a link by a mouse click. You can use EventSender if it's important to simulate mouse click.
(In reply to comment #11) > > I tried to create a http test but I don't know how I can emulate opening a link by a mouse click. > > You can use EventSender if it's important to simulate mouse click. I tried but the target was never loaded. I don't know what I did wrong :(