Window.name
The Window.name
property gets/sets the name of the window's browsing context.
Syntax
string = window.name; window.name = string;
Description
The name of the window is used primarily for setting targets for hyperlinks and forms. Browsing contexts do not need to have names.
Modern browsers will reset Window.name
to an empty string if a tab loads a page from a different domain, and restore the name if the original page is reloaded (e.g. by selecting the "back" button). This prevents an untrusted page from accessing any information that the previous page might have stored in the property (potentially the new page might also modify such data, which might then be read by the original page if it was reloaded).
Window.name
has also been used in some frameworks for providing cross-domain messaging (e.g. Dojo's dojox.io.windowName) as a more secure alternative to JSONP. Modern web applications hosting sensitive data should, however, not rely on window.name
for cross-domain messaging — that is not its intended purpose and there are safer/better ways of sharing information between windows. Window.postMessage()
is the recommended mechanism.
Note: window.name
converts all stored values to their string representations using the toString
method.
Examples
<script> // Open a tab with a specific browsing context name const otherTab = window.open("url1", "_blank"); if (otherTab) otherTab.name = "other-tab"; </script> <a href="url2" target="other-tab">This link will be opened in the other tab.</a>
Specifications
Specification |
---|
HTML Standard (HTML) # dom-name-dev |
Browser compatibility
Desktop | Mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | WebView Android | Chrome Android | Firefox for Android | Opera Android | Safari on IOS | Samsung Internet | |
name |
1 |
12 |
1
Before Firefox 86, if a new page from another domain is loaded into a tab, then
window.name is not set to an empty string, which can allow some cross-site attacks. See bug 1685089 and bug 444222. |
4 |
≤12.1 |
1 |
1 |
18 |
4
Before Firefox 86, if a new page from another domain is loaded into a tab, then
window.name is not set to an empty string, which can allow some cross-site attacks. See bug 1685089 and bug 444222. |
≤12.1 |
1 |
1.0 |
© 2005–2021 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/Window/name