Giant Robot

On a current project, we have links to another online application. The login page of this app has javascript to ensure that should a site link to it using target='_blank' or any other method of window opening, then it will instead 'hijack' the parent window and close the blank one.

I'm sure that made sense to the developers at the time, but if you're trying to link in an action (eg confirming an event booking) from your own scheduling application, you don't want the event you're editing getting wiped out because some other website says so.

Here is the code on the remote site, which was closing the blank window we'd thoughtfully provided them and hijacking its parent instead:

// redirect opening window and close myself.
if (window.opener) {
window.opener.location = window.location
window.close()
}

We solved this by opening the new window and sending it to a page on our own site (with the remote site's URL supplied as an argument). Then we set its window.opener property to NULL and direct the window to the remote site - where it will display as per normal, and leave the page we're working in alone.

This is the JavaScript on our local page ('site' is the variable which holds the remote site URL).

// i'm the air marshall, i'm here to prevent hijackers
window.opener = null ;
document.location.href = 'http://' + site ;

The new window is opened, forgets its ancestry, and is sent off to do our bidding without fear of repercussions on its family. Beaut.