AWindow-like object referring to the window that opened the currentwindow (usingwindow.open(), or by a link withtarget attribute set). If this window was not opened by being linked to or created byanother, returnsnull.

If the opener is not on the same origin as the current page, functionality of theopener object is limited. For example, variables and functions on the window object arenot accessible. However, navigation of the opener window is possible, which means thatthe opened page can open a URL in the original tab or window. In some cases, this makesphishing attacks possible, where a trusted page that is opened in the original window isreplaced by a phishing page by the newly opened page.

To be exact, for cross-origin opener objects, the following properties are available:

• window
• self
• location: with only theLocation.replace andLocation.href properties available
• close
• closed
• focus
• blur
• frames
• length
• top
• opener
• parent
• postMessage
• window[0],window[1], etc.

In addition, there are a few properties:then,[Symbol.toStringTag],[Symbol.hasInstance],[Symbol.isConcatSpreadable], which are used by various JavaScript operations. These properties have valuesundefined. All other properties generate aSecurityErrorDOMException when accessed.

In the following cases, the browser does not populatewindow.opener, butleaves itnull:

• The opener can be omitted by specifyingrel=noopener on a link, or passingnoopener in thewindowFeatures parameter.
• Windows opened because of links with atarget of_blank don't get anopener, unless explicitlyrequested withrel=opener.
• Having aCross-Origin-Opener-Policy header with a value ofsame-origin prevents settingopener. Since the new window isloaded in a different browsing context, it won't have a reference to the openingwindow.