On a page from a website (one of ours) I can enter in the url the following code:
javascript:createNewWindow('Something', 100, 100, 'Text')
Is there a way someone can exploit this?
function createNewWindow(url, widthIn, heightIn, title)
{
var strOptions='toolbar=0,location=0,directories=0,status=1,menubar=0,scrollbars=1,resizable=1,width=' + widthIn + ',height=' + heightIn;
var newWin = open( url,title,strOptions );
newWin.focus();
}