Stop evaluating script elements moved between Documents during fetching

Do not evaluate scripts or fire error/load events, if <script> elements are moved between Documents during fetching. Script elements can be still moved between Documents, but they won't be executed.

This is to prevent possible security bug, because there have been several bad XSS-related bugs in Chromium due to the code path for executing <script> elements moved between Documents.

Documentation

Specification

Public discussion

Status in Chromium

Blink>HTML>Script


Enabled by default (tracking bug) in:

  • Chrome for desktop release 79
  • Chrome for Android release 79
  • Android WebView release 79

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Owners

Intent to Prototype url

Intent to Prototype thread

Last updated on 2019-10-17