Maciej Stachowiak wrote:
> The name set by "window.open" persists across document loads normally, and this seems analogous.

True, but there the name is set by the thing that "owns" the window, in some sense....

> Can you think of a way the existing browser behavior might be exploitable?

Well, browsers can target windows they've opened, so by setting window.name a site B opened from another site A can control which frames targeted links and window.open calls from site A are loaded in.

> Conversely, do you have a proposal for what the behavior should be?

Perhaps the window targeting checks should check against whoever set window.name (including by opening the window) instead of just checking against the opener?

I think we could then allow sites to change window.name without introducing problems.

-Boris
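
The two targeting checks discussed in this message, compared in a simplified model. This is an added example, not code from either poster or from any browser; the window records, the `nameSetBy` field, the function names and the `a.example`/`b.example` origins are all assumptions made for illustration.

```javascript
// Simplified model (an assumption, not a real browser algorithm): each
// window records who opened it and which origin last set its name.
function makeWindow(id, origin, openerOrigin, name) {
  // A name supplied when the window is opened counts as set by the opener.
  return { id, origin, openerOrigin, name, nameSetBy: name ? openerOrigin : null };
}

// Models script running in the window assigning window.name.
function setName(win, name) {
  win.name = name;
  win.nameSetBy = win.origin;
}

// Behaviour described in the thread: a site may target windows it opened.
function openerPolicy(caller, win) {
  return win.openerOrigin === caller;
}

// Proposed check: compare the caller against whoever set the name.
function nameSetterPolicy(caller, win) {
  return win.nameSetBy === caller;
}

// Ids of the windows a targeted link from `caller` could be loaded into.
function resolveTarget(windows, caller, targetName, policy) {
  return windows
    .filter((w) => w.name === targetName && policy(caller, w))
    .map((w) => w.id);
}

// Constructed scenario: site A has its own window named "checkout" and has
// also opened site B in a popup; B then renames its window to "checkout".
function scenario() {
  const A = "https://a.example";
  const B = "https://b.example";
  const checkout = makeWindow("checkout", A, A, "checkout");
  const popup = makeWindow("popup", B, A, "popup");
  setName(popup, "checkout");
  const all = [checkout, popup];
  return {
    opener: resolveTarget(all, A, "checkout", openerPolicy),
    nameSetter: resolveTarget(all, A, "checkout", nameSetterPolicy),
  };
}

console.log(scenario());
```

Under the opener check both windows are candidates for A's `target="checkout"` loads, while the name-setter check leaves only the window whose name A itself assigned.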
