New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 651579 link

Starred by 3 users

Issue metadata

Status: Assigned
Owner:
Buried. Ping if important.
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug



Sign in to add a comment

window.open() with noopener option doesn't correctly disown the opener

Reported by bzbar...@mit.edu, Sep 29 2016

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Firefox/52.0

Example URL:

Steps to reproduce the problem:
1. var w = window.open("", "someuniquename");
2. var w2 = window.open("", "someuniquename", "noopener");
3. alert(w.opener);

What is the expected behavior?
Should alert null, per spec.

What went wrong?
Alerts [object Window].

Does it occur on multiple sites: Yes

Is it a problem with a plugin? No 

Did this work before? No 

Does this work in other browsers? N/A 

Chrome version: 55.0.2873.4 (Official Build) dev (64-bit)  Channel: n/a
OS Version: OS X 10.10
Flash Version: Shockwave Flash 23.0 r0
 

Comment 1 by jochen@chromium.org, Sep 30 2016

do you expect w and w2 to be the same window, however?

Comment 2 by mkwst@chromium.org, Sep 30 2016

I didn't expect that, but I think you're correct that I should have given the way we wrote the spec. Hrm. It seems strange to me to have:

```
window.open('', 'name', 'noopener');
window.open('', 'name');
```

behave differently to

```
window.open('', 'name');
window.open('', 'name', 'noopener');
```

But I think that's what we specced. So, is this a sane result, or not? :)

Comment 3 by jochen@chromium.org, Sep 30 2016

sane? that's a bold word...

Boris, wdyt?

Comment 4 by mkwst@chromium.org, Sep 30 2016

I think it's not a sane result, because it would leave `w` as a WindowProxy handle to the window navigated to in `w2`. That seems bad. Let's not do it.

Comment 5 by mkwst@chromium.org, Sep 30 2016

Owner: mkwst@chromium.org
Status: Assigned (was: Unconfirmed)

Comment 7 by bzbar...@mit.edu, Sep 30 2016

> do you expect w and w2 to be the same window, however?

As the spec is written, yes.

We can follow up in the github issue, but in general I expect the following:

1)  noopener and noreferrer behave the same way for links.
2)  noopener for window.open and noopener for links behave identically.

Within that constraint, I don't think I have strong feelings on the behavior.  I do have strong feelings about the spec matching implementations and vice versa.  ;)
Components: -Blink Blink>Bindings
Project Member

Comment 9 by bugdroid1@chromium.org, Oct 6 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5

commit 2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5
Author: mkwst <mkwst@chromium.org>
Date: Thu Oct 06 10:14:53 2016

Fix 'noopener' targeting and return value.

Boris noted a few cases in which Chrome wasn't following the spec for
'noopener'. This patch addresses two of them by ensuring that the call
to 'window.open' return 'null' (rather than 'undefined'), and that we
don't reuse existing windows when processing a 'noopener' request.

BUG= 651578 ,651579

Review-Url: https://codereview.chromium.org/2379313002
Cr-Commit-Position: refs/heads/master@{#423493}

[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/content/test/data/click-noreferrer-links.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-different-frames-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-different-frames.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-button-click-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-button-click.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-focus-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-focus.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-user-gesture-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-user-gesture.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-untrusted-click-event-on-anchor-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-untrusted-click-event-on-anchor.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-wrong-event-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-wrong-event.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers3-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers3.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers4-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers4.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers6-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers6.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name-denied.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/html/marquee-without-frame-no-crash-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/html/marquee-without-frame-no-crash.html
[add] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/http/tests/security/rel-noopener/window-open.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/Source/bindings/core/v8/custom/V8WindowCustom.cpp
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/Source/core/page/CreateWindow.cpp

Cc: brajkumar@chromium.org
Labels: Needs-Feedback
Tested this issue on Mac OS 10.12 using chrome latest Dev #55.0.2883.6 by following steps mentioned below.

1. Switched to console
2. Typed var w = window.open("", "someuniquename"); , Observed a about:blank new tab opens in the same window
3. Typed var w2 = window.open("", "someuniquename", "noopener"); , Observed a new window about:blank opens
4. Typed alert(w.opener); Observed a alert dialog box saying null

mkwst@ - Could you please confirm is this the expected behavior of the issue to verify it from Chrome TE end? Attaching screen-cast for reference.
651579.mp4
418 KB View Download
Cc: mkwst@chromium.org
 Issue 594681  has been merged into this issue.
Components: -Blink>Bindings Blink>WindowDialog
Labels: Hotlist-Interop
Labels: -OS-Mac OS-All
Project Member

Comment 14 by bugdroid1@chromium.org, Oct 27 2016

Labels: merge-merged-2840
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5

commit 2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5
Author: mkwst <mkwst@chromium.org>
Date: Thu Oct 06 10:14:53 2016

Fix 'noopener' targeting and return value.

Boris noted a few cases in which Chrome wasn't following the spec for
'noopener'. This patch addresses two of them by ensuring that the call
to 'window.open' return 'null' (rather than 'undefined'), and that we
don't reuse existing windows when processing a 'noopener' request.

BUG= 651578 ,651579

Review-Url: https://codereview.chromium.org/2379313002
Cr-Commit-Position: refs/heads/master@{#423493}

[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/content/test/data/click-noreferrer-links.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-different-frames-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-different-frames.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-button-click-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-button-click.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-focus-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-focus.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-user-gesture-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-user-gesture.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-untrusted-click-event-on-anchor-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-untrusted-click-event-on-anchor.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-wrong-event-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-wrong-event.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers3-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers3.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers4-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers4.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers6-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers6.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name-denied.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/html/marquee-without-frame-no-crash-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/html/marquee-without-frame-no-crash.html
[add] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/http/tests/security/rel-noopener/window-open.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/Source/bindings/core/v8/custom/V8WindowCustom.cpp
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/Source/core/page/CreateWindow.cpp

Comment 15 by dimu@google.com, Nov 4 2016

Labels: -merge-merged-2840
[Automated comment] removing mislabelled merge-merged-2840

Sign in to add a comment