open a new browser window

I want to convert a python desktop app to django. The desktop app is able to open multi-instances of the same form. Each new form is independent of the others. I want to do the same thing using django. I discovered that I can use the following to open new browser windows:
python3 -m webbrowser -n “https://www.google.com
So I wonder if that command (or something similar) can be used from a django app to open the same app multiple times. If it can - does someone have an example?
Opening the same url multiple times.

  1. open …/enroll.html
    then from …/enroll.html open the same url …/enroll.html in a new browser window.
    Johnf

I am not aware of any mechanism allowing for the server to force the browser to open a new tab or window. However, you can write some JavaScript that will open a URL in a new tab or window.

I have investigated the javascript way but I was concerned that I would lose the XSS and any special keys I might have to pass.
There just has to be a way to emulate a desktop app ability to open the same form.

Thanks anyway.

No, there really doesn’t. On many levels the browser is fundamentally different from a desktop application. It’s by design. It would be extremely dangerous to give a remote server the type of control over a user’s computer available to a local application. The security implications are unacceptable.

My app does not really use any of the OS features you might be concern with - printing, sending emails, Database access all can be done from the web (at least that is what my research shows). But what I couldn’t find was the ability to open the same form multiple times. My desktop app allows the user to open the same form multiple times and each new form is independent of the other forms. I did find ‘window.open()’. That might work but I was concerned how XSS might not work.

Actually, it does - what I’m concerned with is the server being able to open arbitrary windows with characteristics defined by that server.

Notice that everything you list as a feature (print, etc) aren’t actually done by the remote server. They’re done by APIs provided by the browser with the permission of the host operating system.

Specifically, what are you concerned about? Have you actually tried it to see what the effect is going to be?

The research I have done is the following:

  1. open a url - then copy the url and open it again in a new tab. It works.
  2. researched the issue of opening the same form multiple times using “window.open()”. I’m going to try that today.
    “window.open” is a javascript command. I believe I can provide a navbar that will be link to the “window.open()” command. It appears that I can pass the CSRF token. But I’m not sure that is possible. This all new to me so any help or pointing me in the right direction - is appreciated.

You shouldn’t need to. That target window is going to do a GET from the view identified in the open call. That view is going to supply it’s own CSRF token.

Oh wow I did not realize where the TOKEN came from. As I study more of the django framework - I will learn.
Johnf