New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 651579 link

Starred by 3 users
Status: Assigned
Owner:
mkwst@chromium.org
Buried. Ping if important.
Cc:
mkwst@chromium.org
brajkumar@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug



Sign in to add a comment

window.open() with noopener option doesn't correctly disown the opener

Reported by bzbar...@mit.edu, Sep 29 2016 
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Firefox/52.0

Example URL:

Steps to reproduce the problem:
1. var w = window.open("", "someuniquename");
2. var w2 = window.open("", "someuniquename", "noopener");
3. alert(w.opener);

What is the expected behavior?
Should alert null, per spec.

What went wrong?
Alerts [object Window].

Does it occur on multiple sites: Yes

Is it a problem with a plugin? No 

Did this work before? No 

Does this work in other browsers? N/A 

Chrome version: 55.0.2873.4 (Official Build) dev (64-bit)  Channel: n/a
OS Version: OS X 10.10
Flash Version: Shockwave Flash 23.0 r0

Comment 1 by jochen@chromium.org, Sep 30 2016 

do you expect w and w2 to be the same window, however?

Comment 2 by mkwst@chromium.org, Sep 30 2016 

I didn't expect that, but I think you're correct that I should have given the way we wrote the spec. Hrm. It seems strange to me to have:

```
window.open('', 'name', 'noopener');
window.open('', 'name');
```

behave differently to

```
window.open('', 'name');
window.open('', 'name', 'noopener');
```

But I think that's what we specced. So, is this a sane result, or not? :)

Comment 3 by jochen@chromium.org, Sep 30 2016 

sane? that's a bold word...

Boris, wdyt?

Comment 4 by mkwst@chromium.org, Sep 30 2016 

I think it's not a sane result, because it would leave `w` as a WindowProxy handle to the window navigated to in `w2`. That seems bad. Let's not do it.

Comment 5 by mkwst@chromium.org, Sep 30 2016

Owner: mkwst@chromium.org
Status: Assigned (was: Unconfirmed)

Comment 7 by bzbar...@mit.edu, Sep 30 2016 

> do you expect w and w2 to be the same window, however?

As the spec is written, yes.

We can follow up in the github issue, but in general I expect the following:

1)  noopener and noreferrer behave the same way for links.
2)  noopener for window.open and noopener for links behave identically.

Within that constraint, I don't think I have strong feelings on the behavior.  I do have strong feelings about the spec matching implementations and vice versa.  ;)

Comment 8 by schenney@chromium.org, Sep 30 2016

Components: -Blink Blink>Bindings
Project Member

Comment 9 by bugdroid1@chromium.org, Oct 6 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5

commit 2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5
Author: mkwst <mkwst@chromium.org>
Date: Thu Oct 06 10:14:53 2016

Fix 'noopener' targeting and return value.

Boris noted a few cases in which Chrome wasn't following the spec for
'noopener'. This patch addresses two of them by ensuring that the call
to 'window.open' return 'null' (rather than 'undefined'), and that we
don't reuse existing windows when processing a 'noopener' request.

BUG= 651578 ,651579

Review-Url: https://codereview.chromium.org/2379313002
Cr-Commit-Position: refs/heads/master@{#423493}

[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/content/test/data/click-noreferrer-links.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-different-frames-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-different-frames.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-button-click-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-button-click.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-focus-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-focus.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-user-gesture-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-user-gesture.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-untrusted-click-event-on-anchor-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-untrusted-click-event-on-anchor.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-wrong-event-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-wrong-event.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers3-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers3.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers4-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers4.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers6-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers6.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name-denied.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/html/marquee-without-frame-no-crash-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/html/marquee-without-frame-no-crash.html
[add] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/http/tests/security/rel-noopener/window-open.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/Source/bindings/core/v8/custom/V8WindowCustom.cpp
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/Source/core/page/CreateWindow.cpp

Comment 10 by brajkumar@chromium.org, Oct 10 2016

Cc: brajkumar@chromium.org
Labels: Needs-Feedback
Tested this issue on Mac OS 10.12 using chrome latest Dev #55.0.2883.6 by following steps mentioned below.

1. Switched to console
2. Typed var w = window.open("", "someuniquename"); , Observed a about:blank new tab opens in the same window
3. Typed var w2 = window.open("", "someuniquename", "noopener"); , Observed a new window about:blank opens
4. Typed alert(w.opener); Observed a alert dialog box saying null

mkwst@ - Could you please confirm is this the expected behavior of the issue to verify it from Chrome TE end? Attaching screen-cast for reference.
651579.mp4
418 KB View Download

Comment 11 by dcheng@chromium.org, Oct 14 2016

Cc: mkwst@chromium.org
 Issue 594681  has been merged into this issue.

Comment 12 by rbyers@chromium.org, Oct 24 2016

Components: -Blink>Bindings Blink>WindowDialog
Labels: Hotlist-Interop

Comment 13 by rbyers@chromium.org, Oct 24 2016

Labels: -OS-Mac OS-All
Project Member

Comment 14 by bugdroid1@chromium.org, Oct 27 2016

Labels: merge-merged-2840
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5

commit 2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5
Author: mkwst <mkwst@chromium.org>
Date: Thu Oct 06 10:14:53 2016

Fix 'noopener' targeting and return value.

Boris noted a few cases in which Chrome wasn't following the spec for
'noopener'. This patch addresses two of them by ensuring that the call
to 'window.open' return 'null' (rather than 'undefined'), and that we
don't reuse existing windows when processing a 'noopener' request.

BUG= 651578 ,651579

Review-Url: https://codereview.chromium.org/2379313002
Cr-Commit-Position: refs/heads/master@{#423493}

[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/content/test/data/click-noreferrer-links.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-different-frames-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-different-frames.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-button-click-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-button-click.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-focus-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-focus.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-user-gesture-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-fake-user-gesture.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-untrusted-click-event-on-anchor-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-untrusted-click-event-on-anchor.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-wrong-event-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocked-from-wrong-event.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers3-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers3.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers4-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers4.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers6-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/events/popup-blocking-timers6.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name-denied.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/html/marquee-without-frame-no-crash-expected.txt
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/fast/html/marquee-without-frame-no-crash.html
[add] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/LayoutTests/http/tests/security/rel-noopener/window-open.html
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/Source/bindings/core/v8/custom/V8WindowCustom.cpp
[modify] https://crrev.com/2fde9de3e9ffe7794844ddf9ea3640c5b418b6e5/third_party/WebKit/Source/core/page/CreateWindow.cpp

Comment 15 by dimu@google.com, Nov 4 2016

Labels: -merge-merged-2840
[Automated comment] removing mislabelled merge-merged-2840

Sign in to add a comment