Skip to content

Commit

Permalink
Editorial: cleanup window.opener
Browse files Browse the repository at this point in the history
This feature has some outstanding issues and feature requests; see whatwg#323
and whatwg#1826. But this editorial cleanup creates a more solid foundation
for future work.
  • Loading branch information
annevk authored and Alice Boxhall committed Jan 7, 2019
1 parent 0b2deb5 commit 0d01ae4
Showing 1 changed file with 58 additions and 46 deletions.
104 changes: 58 additions & 46 deletions source
Original file line number Diff line number Diff line change
Expand Up @@ -23043,8 +23043,8 @@ document.body.appendChild(wbr);</pre>

<li><p>If <var>target</var> is null, then return.</p></li>

<li><p>If <var>noopener</var> and <var>replace</var> are true, then
<span data-x="disowned its opener">disown <var>target</var>'s opener</span>.</p></li>
<li><p>If <var>noopener</var> and <var>replace</var> are true, then <span
data-x="disowned">disown</span> <var>target</var>.</p></li>

<li><p><span data-x="parse a url">Parse</span> the <span>URL</span> given by <var>subject</var>'s
<code data-x="attr-hyperlink-href">href</code> attribute, relative to <var>subject</var>'s
Expand Down Expand Up @@ -23595,15 +23595,18 @@ document.body.appendChild(wbr);</pre>
<td><em>not allowed</em></td>
<td><span data-x="hyperlink annotation">Annotation</span></td>
<td class="no"> &middot; </td>
<td>Requires any <span>browsing context</span> created by following the hyperlink to <span data-x="disowned its opener">disown its opener</span>.</td>
<td>Indicates that any <span>browsing context</span> created by following the hyperlink is
<span>disowned</span>.</td>
</tr>

<tr>
<td><code data-x="rel-noreferrer">noreferrer</code></td>
<td><em>not allowed</em></td>
<td><span data-x="hyperlink annotation">Annotation</span></td>
<td class="no"> &middot; </td>
<td>Requires that the user agent not send an HTTP `<code data-x="http-referer">Referer</code>` (sic) header if the user follows the hyperlink.</td>
<td>Indicates that any <span>browsing context</span> created by following the hyperlink is
<span>disowned</span> and will not get a `<code data-x="http-referer">Referer</code>` (sic)
header.</td>
</tr>

<tr>
Expand Down Expand Up @@ -24353,9 +24356,8 @@ document.body.appendChild(wbr);</pre>
implied hyperlink, if no other keywords create one).</p>

<p>The keyword indicates that any newly created <span>browsing context</span> which results from
following the <span>hyperlink</span> will have <span>disowned its opener</span>, which means that
its <code data-x="dom-opener">window.opener</code> property will be <code
data-x="">null</code>.</p>
following the <span>hyperlink</span> will be <span>disowned</span>, which means that its <code
data-x="dom-opener">window.opener</code> attribute will be null.</p>


<h5>Link type "<dfn><code data-x="rel-noreferrer">noreferrer</code></dfn>"</h5>
Expand Down Expand Up @@ -24383,8 +24385,6 @@ document.body.appendChild(wbr);</pre>

</div>

<!-- v2: Would be nice to apply this to other elements too, e.g. letting <img> or CSS or <video>
hide the referrer -->

<h5>Link type "<dfn><code data-x="rel-pingback">pingback</code></dfn>"</h5>

Expand Down Expand Up @@ -77276,41 +77276,52 @@ console.assert(iframeWindow.frameElement === null);

<h5>Navigating auxiliary browsing contexts in the DOM</h5>

<p>The <dfn><code data-x="dom-opener">opener</code></dfn> IDL attribute on the <code>Window</code>
object, on getting, must return the <code>WindowProxy</code> object of the <span>browsing
context</span> from which the current <span>browsing context</span> was created (its <span>opener
browsing context</span>), if there is one, if it is still available, and if the current
<span>browsing context</span> has not <i data-x="disowned its opener">disowned its opener</i>;
otherwise, it must return null. On setting, if the new value is null then the current
<span>browsing context</span> must <dfn data-x="disowned its opener" data-export="">disown its
opener</dfn>; if the new value is anything else then the user agent must

<!-- dark magic incantation begins -->
call the [[DefineOwnProperty]] internal method of the <code>Window</code> object, passing the
property name "<code data-x="">opener</code>" as the property key, and the Property Descriptor {
[[Value]]: <var>value</var>, [[Writable]]: true, [[Enumerable]]: true,
[[Configurable]]: true } as the property descriptor,
<!-- dark magic incantation ends -->

where <var>value</var> is the new value.</p>

<div class="note">
<p>If a <span>browsing context</span> has <span data-x="disowned its opener">disowned its
opener</span>, the value of its <code data-x="dom-opener">window.opener</code> is <code
data-x="">null</code>. That prevents scripts in the <span>browsing context</span> from changing
any properties of its <span>opener browsing context</span>'s <code>Window</code> (i.e., the window
from which the <span>browsing context</span> was created).</p>

<p>Otherwise, if a <span>browsing context</span> has <em>not</em> <span>disowned its
opener</span>, then scripts in that <span>browsing context</span> can use <code
data-x="dom-opener">window.opener</code> to change properties of its <span>opener browsing
context</span>'s <code>Window</code>. For example, a script running in the <span>browsing
context</span> can change the value of <code data-x="">window.opener.location</code>, causing the
<span>opener browsing context</span> to navigate to a completely different document.</p>
</div>
<p>An <span>auxiliary browsing context</span> can be <dfn
id="disowned-its-opener">disowned</dfn>.</p>

<p>The <dfn><code data-x="dom-opener">opener</code></dfn> attribute's getter, must run these
steps:</p>

<ol>
<li><p>If the current <span>browsing context</span> is <span>disowned</span>, then return
null.</p></li>

<li><p>If the current <span>browsing context</span> has no <span>opener browsing context</span>,
then return null.</p></li>

<li><p>Return the current <span>browsing context</span>'s <span>opener browsing context</span>'s
<code>WindowProxy</code> object.</p></li>
</ol>

<p>The <code data-x="dom-opener">opener</code> attribute's setter, must run these steps:</p>

<ol>
<li><p>If the given value is null, then <span data-x="disowned">disown</span> the current
<span>browsing context</span> and return.</p></li>

<li><p>Return the result of calling <span>OrdinaryDefineOwnProperty</span>(this
<code>Window</code> object, "<code data-x="">opener</code>", { [[Value]]: the given value,
[[Writable]]: true, [[Enumerable]]: true, [[Configurable]]: true }). Rethrow any
exceptions.</p></li>
</ol>

<div class="note">
<p>If a <span>browsing context</span> is <span>disowned</span>, its <code
data-x="dom-opener">window.opener</code> attribute is null. That prevents scripts in the
<span>browsing context</span> from changing any properties of its <span>opener browsing
context</span>'s <code>Window</code> object (i.e., the <code>Window</code> object from which the
<span>browsing context</span> was created).</p>

<p>Otherwise, if a <span>browsing context</span> is not <span>disowned</span>, then scripts in
that <span>browsing context</span> can use <code data-x="dom-opener">window.opener</code> to
change properties of its <span>opener browsing context</span>'s <code>Window</code> object. For
example, a script running in the <span>browsing context</span> can change the value of <code
data-x="">window.opener.location</code>, causing the <span>opener browsing context</span> to
navigate to a completely different document.</p>
</div>



<!--ADD-TOPIC:Security-->
<div w-nodev>

<h4 id="security-nav">Security</h4>
Expand Down Expand Up @@ -77396,7 +77407,6 @@ console.assert(iframeWindow.frameElement === null);
document</span>.</p>

</div>
<!--REMOVE-TOPIC:Security-->


<div w-nodev>
Expand Down Expand Up @@ -77630,7 +77640,7 @@ console.assert(iframeWindow.frameElement === null);
the most recently opened, most recently focused, or more closely related.</p>

<p class="&#x0058;&#x0058;&#x0058;">This will be made more precise in <a
href="https://github.com/whatwg/html/issues/1440">issue #1440</a>.
href="https://github.com/whatwg/html/issues/1440">issue #1440</a>.</p>
</li>

<li>
Expand Down Expand Up @@ -77697,7 +77707,9 @@ console.assert(iframeWindow.frameElement === null);

<p class="note">User agents are encouraged to provide a way for users to configure the user
agent to always reuse <var>current</var>.</p>
</li>

<li>
<p>If <var>new</var> is true, then:</p>

<ol>
Expand Down Expand Up @@ -78276,8 +78288,8 @@ callback <dfn>FrameRequestCallback</dfn> = void (<span>DOMHighResTimeStamp</span
</ol>
</li>

<li><p>If <var>noopener</var> is true, then <span data-x="disowned its opener">disown <var>target
browsing context</var>'s opener</span> and return null.</p></li>
<li><p>If <var>noopener</var> is true, then <span data-x="disowned">disown</span> <var>target
browsing context</var> and return null.</p></li>

<li><p>Return <var>target browsing context</var>'s <code>WindowProxy</code> object.</p></li>
</ol>
Expand Down

0 comments on commit 0d01ae4

Please sign in to comment.