Javascript - intercommunication between windows?
If I want to pop up a dialogue to the user using javascript and then capture the values they input there in the parent window, how?
Google isn't very helpful this morning, but it could be this fucking stomach bug I'm home with.
Thanks Phil.
I'm going to go vomit now, and then I'll start reading these docs.
I can imagine that in some way that could be a security problem, although exactly how you'd exploit it is something I can't quite work out. It just "feels" like it could have some dark purpose... (As the "opener" is persistent across reloads, you could potentially open an off-screen window, hang about checking the URL of the opener window until it becomes something interesting (a bank or online store) and then sucking out some personal details? Needs work, sure, but there's got to be a way. :)
"I can imagine that in some way that could be a security problem, although exactly how you'd exploit it is something I can't quite work out."
The inter-window communication is pretty restricted these days. I believe that trying to access a document (either via a frame or window) from a page that comes from a different domain will fail.
True, although I'm pretty sure another cross-domain scripting vulnerability hit IE recently (something to do with making a response look like CSS, although the details escape me at the moment), so where there's a will there's a way... :)
Something along the lines of this should be a starting point:
// In the popup: set a field in the window that opened it
opener.document.getElementById('Elementid').value = "muppet is a cunning linguist";
Found the vulnerability:
http://secunia.com/advisories/17564/
It's not too horrific, but apparently it's been spotted in the wild...
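The popup-to-opener write suggested above, as an added example that is not part of the thread: it checks that the opener still exists and handles the cross-domain failure the replies describe. The function name, the result shape and the fake window objects are assumptions made for illustration, and the stand-ins are constructed so the code also runs outside a browser.

```javascript
// Added example, not code from the thread. Runs in the popup.
// `win` is the popup's own window object, passed in so the logic is testable.
// `fieldId` is the id of an input in the parent page (hypothetical here).
function sendToOpener(win, fieldId, value) {
  const parent = win.opener;
  // opener is null if the popup was opened with "noopener" or the link was cut;
  // `closed` stays readable even when the opener is on another origin.
  if (!parent || parent.closed) {
    return { ok: false, reason: "no-opener" };
  }
  let field;
  try {
    // Browsers throw a SecurityError here once the opener is on a different
    // origin, which is the same-origin restriction discussed in the thread.
    field = parent.document.getElementById(fieldId);
  } catch (err) {
    return { ok: false, reason: "cross-origin" };
  }
  if (!field) {
    return { ok: false, reason: "no-field" };
  }
  field.value = String(value);
  return { ok: true };
}

// Constructed stand-ins for browser window objects.
function fakeOpener(fields) {
  return { closed: false, document: { getElementById: (id) => fields[id] || null } };
}
function fakeCrossOriginOpener() {
  return {
    closed: false,
    get document() { throw new Error("SecurityError: blocked cross-origin access"); },
  };
}

const fields = { Elementid: { value: "" } };
console.log(sendToOpener({ opener: fakeOpener(fields) }, "Elementid", "hello"), fields.Elementid.value);
console.log(sendToOpener({ opener: fakeCrossOriginOpener() }, "Elementid", "hello"));
console.log(sendToOpener({ opener: null }, "Elementid", "hello"));
```

In a real popup the call would be `sendToOpener(window, 'Elementid', someValue)`.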