Window: opener property
Baseline Widely available
This feature is well established and works across many devices and browser versions. It’s been available across browsers since July 2015.
The Window
interface's
opener
property returns a reference to the window that
opened the window, either with open()
, or by navigating
a link with a target
attribute.
In other words, if window A
opens window B
,
B.opener
returns A
.
Value
A Window
-like object referring to the window that opened the current
window (using window.open()
, or by a link with target
attribute set). If this window was not opened by being linked to or created by
another, returns null
.
If the opener is not on the same origin as the current page, functionality of the opener object is limited. For example, variables and functions on the window object are not accessible. However, navigation of the opener window is possible, which means that the opened page can open a URL in the original tab or window. In some cases, this makes phishing attacks possible, where a trusted page that is opened in the original window is replaced by a phishing page by the newly opened page.
To be exact, for cross-origin opener objects, the following properties are available:
window
self
location
: with only theLocation.replace
andLocation.href
properties availableclose
closed
focus
blur
frames
length
top
opener
parent
postMessage
window[0]
,window[1]
, etc.
In addition, there are a few properties: then
, [Symbol.toStringTag]
, [Symbol.hasInstance]
, [Symbol.isConcatSpreadable]
, which are used by various JavaScript operations. These properties have values undefined
. All other properties generate a SecurityError
DOMException
when accessed.
In the following cases, the browser does not populate window.opener
, but
leaves it null
:
- The opener can be omitted by specifying
rel=noopener
on a link, or passingnoopener
in thewindowFeatures
parameter. - Windows opened because of links with a
target
of_blank
don't get anopener
, unless explicitly requested withrel=opener
. - Having a
Cross-Origin-Opener-Policy
header with a value ofsame-origin
prevents settingopener
. Since the new window is loaded in a different browsing context, it won't have a reference to the opening window.
Specifications
Specification |
---|
HTML Standard # dom-opener-dev |
Browser compatibility
BCD tables only load in the browser