Portals in documents with sandboxing flags

[jeremyroman]

Sandboxing flags can be set, for example, with the sandbox attribute of certain elements or the sandbox CSP directive, and can be inherited across window open (depending on the value of sandboxing flags).

For now, Chromium is moving to disallow portal context creation in a sandboxed document (https://crbug.com/1051639).

There are a few other options here we could explore, like allowing it but inheriting sandbox flags, allowing it without inheriting flags, or either of those behaviors but requiring the presence of a similar allow-portals or allow-portals-to-escape-sandbox sandboxing flag.

[jakearchibald]

Inheriting the sandbox means that origin A can set the sandbox on origin B, which could have some lasting impact once the portal to origin B activates, which doesn't seem right.

Disallowing portals in a sandboxed document seems right.

[jeremyroman]

There is also the option an allow-portals-to-escape-sandbox flag. I'm not too concerned about its utility (though I can contrive legitimate uses), though I think usually things affected by sandbox flags do have a way to restore the feature.

[jakearchibald]

Yeah, that's fair