Michael said:
Silvio Bierman wrote:
[snip]
IE seems to conclude that when a window has an opener it
is not a top-level window. This could break in any future
version naturally but for now you can save some users some
trouble.
An intentionally introduced security vulnerability? What
on Earth possessed Microsoft to do this? ...
<snip>
It is not so much introduced, more as yet unpatched. IE browsers (and a
fair number of others) have suffered from it for years. It doesn't get
publicised much on this group because rather than saving "users some
trouble", closing the users browser without their consent destroys
everything it continued, possibly including their browsing history,
session cookies, partly filled in form information, etc. So in reality,
predictably causing the user trouble. The people who ask the question
don't understand web browsers sufficiently to appreciate the harm such
an action can do, else they would never think such a thing was a god
idea.
The practical upshot of any wide dissemination of the hack, and its use
by inconsiderate web authors, will be that content-inserting proxies
will be distributed with built in filters to jump on either references
to the - window.close - method or the - opener - property. Moving
cross-window interaction even further into the realm of "too unreliable
to consider for Internet use". There are no shortage of javascript
authors who never consider the impact of their actions on users,
themselves or browser scripting as a task; whiteness the pop-up window.
Richard.