[thelist] Weird window targetting problem with javascript links
Erik Mattheis
gozz at gozz.com
Wed Jan 15 17:31:02 CST 2003
Now that I look at the PalPal code, I see:
<script language="JavaScript">
self.name = "paypal";
</script>
You might want to see what happens if you name the window paypal
instead of PayPal. But I doubt that would work.
Here's why I doubt it: your page is HTTP, the window you create is
HTTPS. If you wanted to, you could load a HTTP page that is identical
to the HTTPS version, and the user may then send a credit cart number
over a non-secure connection, not having noticed their connection is no
longer secure. I can't immediately find anything that confirms this,
but intuitively, it seems like it should be. And there might also be a
similar restriction regarding the windows' domains.
But let's back way up - why are you using JavaScript to open the window
in the first place? And backing further up, why do you want to open the
link in a new window?
I'm waiting for .jeff to chime in here ...
On Wednesday, January 15, 2003, at 04:27 PM, Roger Ly wrote:
> Interesting. Is it just a bug then that when I call
> javascript:alert(window.name); on the new window, that the new window
> becomes something that I can target properly again? It seems that if I
> couldn't target a window hosted by another domain, then querying the
> window's name shouldn't change anything. However, once I do that, I
> can
> target the window with each subsequent click on the link (not just the
> first time).
- - - - - - - - - - -
Erik Mattheis
(612) 377 2272
<http://goZz.com/>
- - - - - - - - - - -
More information about the thelist
mailing list