Patch window.opener if present

Bug reports and enhancement requests
Post Reply
skriptimaahinen
Senior Member
Posts: 220
Joined: Wed Jan 10, 2018 7:37 am

Patch window.opener if present

Post by skriptimaahinen » Mon Mar 15, 2021 8:25 am

This flew under my radar.

Few notes:

1. window.opener is not a fresh window and _should_ always be patched before a new window can be opened (AFAIK).

2. If the opener and opened windows are not same-origin, trying to get canvas context will result in cross-origin block, whether opener is patched or not.

3. On same-origin cases this does indeed prevent getting the context, but there is a side-effect.

Assume user has allowed webgl on example.com/subpage but not on example.com. If the user now navigates from the subpage to example.com (e.g. window.open("example.com")), the window patcher will also patch the window.opener (that is the window of example.com/subpage) with the rules of example.com. This will prevent the scripts in example.com/subpage from getting any new canvas contexts, possibly breaking the pages functionality.

Also note that if the example.com/subpage is reloaded to restore the functionality, window.opener in example.com will now point to a non-patched window.
Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0

User avatar
Giorgio Maone
Site Admin
Posts: 9063
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: Patch window.opener if present

Post by Giorgio Maone » Mon Mar 15, 2021 7:12 pm

Everything very reasonable. Probably unneeded under most circumstances, rolling back.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0

User avatar
Giorgio Maone
Site Admin
Posts: 9063
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: Patch window.opener if present

Post by Giorgio Maone » Tue Mar 16, 2021 8:49 am

Done, with an unfortunate attribution mistake which I've tried to correct as much as I could.
Sorry for the confusion and thanks again.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0

Post Reply