I think you are deliberately missing the point now...

On 20 Mar 2007, at 14:50, Hallvord R M Steen wrote:

> On 20/03/07, Gareth Hay <[EMAIL PROTECTED]> wrote:
>> Anyway, for use case 1 - If you are worried about phishing attacks,
>> you should be using some sort of
>> onunload handler trapping to null window.opener.
>
> Yet you are arguing that it should be impossible to set window.opener.
> If you had your way that unload handler would simply throw an
> exception...

As was clearly stated, I showed a workaround and then suggested it should be up to the UA to handle this situation. It is not helpful to deliberately misunderstand points, and quote them out of context. I suggest you re-read my mail.

> I will not follow up this discussion further because it is not
> relevant for the proposed window.open extension. I still think it
> would be useful to allow a page to open a popup without a
> window.opener property to protect itself from malicious address
> modification.

I also clearly stated on topic why I don't think this is required. So that you don't miss the point again (deliberately or not):

1) Either it is your responsibility to handle the nulling of the property *or*
2) It is the UA's.

I personally think the UA should handle it (as stated previously)
**BUT** if they do not, you *ARE* responsible for programming correctly and using an unload to null the property when someone navigates away.

**AND** you seem to want this extension to cure a problem that is also cured by window.opener.opener.

Gareth
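
Added example, not part of the original message: the concern in this thread is a popup using window.opener to change the address of the page that opened it. The sketch below shows a script-side way to open a popup with no opener, next to the `noopener` window feature that browsers later provided; FakeWindow and all function names are constructed for illustration so the logic runs outside a browser.

```javascript
// FakeWindow is a constructed stand-in for a browser window so this runs
// under Node; in a real page, pass `window` to the functions instead.
class FakeWindow {
  constructor(opener = null) {
    this.opener = opener;          // back-reference a popup could use
    this.location = 'about:blank';
    this.children = [];
  }
  open(url, target, features = '') {
    const noopener = features.split(',').map(f => f.trim()).includes('noopener');
    const child = new FakeWindow(noopener ? null : this);
    child.location = url;
    this.children.push(child);
    return noopener ? null : child; // real browsers also return null here
  }
}

// Script-only workaround: open blank, sever the back-reference, then navigate.
function openDetached(win, url) {
  const popup = win.open('about:blank', '_blank');
  if (!popup) return null;         // popup was blocked
  popup.opener = null;             // must happen before the target page loads
  popup.location = url;
  return popup;
}

// UA-handled variant: the "noopener" window feature.
function openNoOpener(win, url) {
  return win.open(url, '_blank', 'noopener'); // null by design
}

// What the opened page would see: can it reach back to its opener?
function openerReachable(popup) {
  return popup.opener !== null && popup.opener !== undefined;
}

// Constructed URLs; compares a plain popup with the two detached variants.
function demo() {
  const page = new FakeWindow();
  const plain = page.open('https://example.test/a', '_blank');
  const detached = openDetached(page, 'https://example.test/b');
  const ret = openNoOpener(page, 'https://example.test/c');
  return {
    plain: openerReachable(plain),
    detached: openerReachable(detached),
    noopener: openerReachable(page.children[2]),
    noopenerReturn: ret,
  };
}
```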
