[Javascript] Need help determining when remote window closes.

[and-babble at doxdesk.com (Andrew Clover)]

Glenn Lanier <glenn_lanier@xxxxxxxxxxx> wrote:

> when they close the window, I'd like to change the page displayed in
> the original window. 

> if (!remoteWin)

The JS object remoteWin will still exist even if the window is closed, 
so this test will always be false. Check (remoteWin.closed) instead.

A remoteWin.onunload would be a less ugly way to send the event back 
than a timeout loop - *if* the document in remoteWin is in the same 
domain as yours.

> window.open([...], 'toolbar=no, location=no,  menubar=no[...]');

Don't do that. By removing important system features you've not only 
made the window annoying to use, but also made the popup vulnerable to 
phishing attacks. By targeting the window named 'remote' an attacker can 
navigate the window to a different URL, effectively injecting their own 
content into what *appears* to be your domain. At least with an address 
bar they would see that the URL does not match what they expect.

If your application doesn't need to care about security you'd get away 
with it, but it's a particularly widespread piece of poor practice that 
browsers ought really to disallow.

-- 
Andrew Clover
mailto:and@xxxxxxxxxxx
http://www.doxdesk.com/