[thelist] Weird window targetting problem with javascript links

Erik Mattheis gozz at gozz.com
Wed Jan 15 17:31:02 CST 2003

Now that I look at the PalPal code, I see:

<script language="JavaScript">
	self.name = "paypal";

You might want to see what happens if you name the window paypal
instead of PayPal. But I doubt that would work.

Here's why I doubt it: your page is HTTP, the window you create is
HTTPS. If you wanted to, you could load a HTTP page that is identical
to the HTTPS version, and the user may then send a credit cart number
over a non-secure connection, not having noticed their connection is no
longer secure. I can't immediately find anything that confirms this,
but intuitively, it seems like it should be. And there might also be a
similar restriction regarding the windows' domains.

But let's back way up - why are you using JavaScript to open the window
in the first place? And backing further up, why do you want to open the
link in a new window?

I'm waiting for .jeff to chime in here ...

On Wednesday, January 15, 2003, at 04:27 PM, Roger Ly wrote:
> Interesting.  Is it just a bug then that when I call
> javascript:alert(window.name); on the new window, that the new window
> becomes something that I can target properly again?  It seems that if I
> couldn't target a window hosted by another domain, then querying the
> window's name shouldn't change anything.  However, once I do that, I
> can
> target the window with each subsequent click on the link (not just the
> first time).

-  -  -  -  -  -  -  -  -  -  -
Erik Mattheis
(612) 377 2272
-  -  -  -  -  -  -  -  -  -  -

More information about the thelist mailing list