
Remove document.open sandbox inheritance

Category: Security
Type: Feature removal
Status: Enabled by default (Chrome 116)
Intent stage: Prepare to ship

Summary

Currently, when document.open targets a different window, the sandbox flags of the caller are applied to the callee. This change stops doing that.

Motivation

The removed behavior was not specified, and Safari and Firefox do not implement it. It had no security benefits, and it makes it difficult for Chrome's implementation to stay in a consistent state.

Standards & signals

Docs: https://docs.google.com/document/d/1_89X4cNUab-PZE0iBDTKIftaQZsFbk7SbFmHbqY54os/edit
