Window: opener property

Value

A Window-like object referring to the window that opened the current window (using window.open(), or by a link with target attribute set). If this window was not opened by being linked to or created by another, returns null.

If the opener is not on the same origin as the current page, functionality of the opener object is limited. For example, variables and functions on the window object are not accessible. However, navigation of the opener window is possible, which means that the opened page can open a URL in the original tab or window. In some cases, this makes phishing attacks possible, where a trusted page that is opened in the original window is replaced by a phishing page by the newly opened page.

To be exact, for cross-origin opener objects, the following properties are available:

• window
• self
• location: with only the Location.replace and Location.href properties available
• close
• closed
• focus
• blur
• frames
• length
• top
• opener
• parent
• postMessage
• window[0], window[1], etc.

In addition, there are a few properties: then, [Symbol.toStringTag], [Symbol.hasInstance], [Symbol.isConcatSpreadable], which are used by various JavaScript operations. These properties have values undefined. All other properties generate a SecurityError DOMException when accessed.

In the following cases, the browser does not populate window.opener, but leaves it null:

• The opener can be omitted by specifying rel=noopener on a link, or passing noopener in the windowFeatures parameter.
• Windows opened because of links with a target of _blank don't get an opener, unless explicitly requested with rel=opener.
• Having a Cross-Origin-Opener-Policy header with a value of same-origin prevents setting opener. Since the new window is loaded in a different browsing context, it won't have a reference to the opening window.

Specifications

Browser compatibility