none
IE 11 window.opener in popup dialog

    Question

  • I am using Windows 8.1 preview with IE11.
    a) I am having HTTPS website.
    b) I open a HTTPS dialog box from here (on some of the events).
    c) When I call some event on this modal window it calls some of the event and response.redirect redirect it to html file where the value of window.opener is coming as undefined.

    Note:

    a) logged into windows without domain (like ramakrishna_gupta):  Then it is working (issue does not exist) if user is Admin and non-Admin users.

    b) Logged into windows in domain (like domain\ramakrishna_gupta):  Then it is working for Admin but issue exist/occurs for non-Admin users.


    (What I understood overall or step to reproduce is that if we open a https modal/popup window from https site and then call some event and that event does redirect to html file and that file is having script in header of window.opener and that is coming as undefined but remember logged in user is in Active directory non-admin user).



    Observation:
    a) If we add website in 'trusted sites' then it is working fine and I am getting window.opener as an object.
    b) Also this is working in earlier version of IE (from IE 7 til IE10) means I was getting window.opener as an object in earlier versions.

    But I cannot ask customer/s to add our site to trusted sites.

    Note: My webapp is Java based Application.

    -Ramakrishna

    Monday, September 23, 2013 4:17 AM

All replies

  • Hi Ramkrishna,

    can you provide a link to your website or a mashup that shows the issue...?

    (you can find a list of changes for IE11 here - http://msdn.microsoft.com/en-us/library/ie/bg182636(v=vs.85).aspx)

    "a) logged into windows without domain (like ramakrishna_gupta):  Then it is working (issue does not exist) if user is Admin and non-Admin users." - means that your site is not mapping to the Intranet zone (file>Properties menu to determine which IE security zone it maps to)

    When testing your web apps..

    1. Reset your IE Security zone to the default... Security tab, click "reset all zones to default"

    2. Start your test cycle.... note which IE Security zone (File>Properties) your site maps to...

    3. You can debug popup windows in IE11 by selecting the "Inspect Element" right-click context menu... determine which security zone it maps to from the "Properties" context menu.

    If your site is an in-house intranet site that accesses external content from a public access website or CDN storage then YOU HAVE to add those site domains to your Trusted Sites List... If you are using Cross Site Scripting, then add those domains to YOUR Intranet zone list (where it is enabled by default)

    Not much we can say without being able to test it for ourselves.

    Regards


    Rob^_^

    Monday, September 23, 2013 5:40 AM
  • Stated technically, his issue is: "The window.opener property is nulled in a particular scenario when Protected Mode / UAC are enabled for the content in question."

    It's extremely unlikely that the user account has anything to do with this, other than the impact of the user-account on whether UAC is enabled for the accounts in question.

    Problems with lost context between windows due to Protected Mode have plagued IE since that feature's introduction. Generally, these are corner cases (like this one) and thus only get fixed when they impact a significant scenario or block a customer deployment, when they're fixed in a hotfix or GDR.

    Tuesday, September 24, 2013 7:23 PM
  • Hi,

    Problem is because of Protected mode and we cannot ask customer to disable as it is a security threat and customers won't agree (as per past experience with customers). Even I as a user won't agree to disable it to just access my product website.

    If you have a https website then it is very easy. Even window.open(url,param1, param2) will return null.

    So to re-produce the step, please note main/parent window and child window are opened up in https.

    a) Open a page in https://abc.com/index.html.

    b) Open a pop up from this index.html like window.open(url, param1, param2).

    c) This will open a popup window and if you check the value of window.opener then you will get it as undefined.

    My application is running in "Internet" Zone.

    If we uncheck Protected mode or add to trusted sites (where EPM is by default unchecked) then it is working fine, but we cannot customer to do so.

    Even I tried to convert it to modal dialog but again faced the same issue. Please note that in our case this is https site.

    I did some small testing in other windows OS also, it was working in Win 7 with IE11 and Win 8 with IE11 (I didn't performed this testing properly but most probably this results are correct for Win 7 with IE11 and Win 8 with IE11 we are not seeing this issue), but issue is in Win 8.1 with IE11 (tested 100%) .

    Thanks,

    Ramakrishna Gupta



    Tuesday, October 01, 2013 1:13 PM