Same Origin Policy in Tabs
Remember each tab or window is isolated from each other. And as I mentioned earlier, each site has its own JavaScript context or say JavaScript execution environment
Whenever we create a reference to different window/site by creating a reference variable, the referenced website or windows has a reference back via window.opener.
![](../../../images/sop/tab1.png)
Lets see a live demo for this
Start by creating a reference to sitea.com from sitea.com
Steps -
- Visit sitea.com and open browser console.
- Type
1var bob = window.open('http://sitea.com')
![](../../../images/sop/tab2.png)
- Switch to sitea.com opened into new window and open Browser Console.
- Type
1window.opener.document.body
sitea.com
window.
6. If you think from attacker perpective, what if referenced window can change the origin window location.
7. Type
1window.opener.location.replace("https://example.com")
![](../../../images/sop/tab4.png)
- A malicious user can change location of origin window to any attacker controlled website
This kind of attack is called Tab-nabbing attack
Note for Pankaj Read more about tab nabbing or any related attack. Also watch Kirk video where he explain attacks like this