We will open the same site using window.open without the hardening, get its window object. 
When having a window object, we can do malicious stuff..