Can I wrap native JavaScript methods with my aspects?

If I am understanding this correctly, you want to do something like authenticate someone, if the auth is returned true then invoke window.open. Really all you need to do is create a JS function that runs your security call and if it is true or validates to what you want, then have it run window.open. However I would stay away from doing security and authentication calls in JS as it is really to do JS insertion and hacking, as well as read the code and get the URL that way. The most secure thing to do, is to perform all of the authentication/security servierside and then return the window.open call through a XMLHttpRequest that will execute JS on completion of the call. This I believe can be done semi-easily using something like Prototype to handle all of the XHR requests

Would it work to only enable the window.open() call on the page if the user was authenticated when the page was served to them?

Thanks for the informative answers. Actually, I didn’t explain myself properly – what I need to run before the window.open call isn’t related to authentication but rather to privileges of the browser (my user agent is XULRunner, which requires this).
I’m using the FCKEditor, which performs window.open in its code, & wanted to enable it under XULRunner.