Same Origin Policy in Tabs
Whenever we create a reference to different window/site by creating a reference variable, the referenced website or windows has a reference back via window.opener.
Lets see a live demo for this
Start by creating a reference to sitea.com from sitea.com
- Visit sitea.com and open browser console.
1var bob = window.open('http://sitea.com')
- Switch to sitea.com opened into new window and open Browser Console.
5. We are able to read data of origin
6. If you think from attacker perpective, what if referenced window can change the origin window location.
- A malicious user can change location of origin window to any attacker controlled website
Note for Pankaj Read more about tab nabbing or any related attack. Also watch Kirk video where he explain attacks like this