Created attachment 1370 [details]
Test window.close() from sandbox - closeTestOpener.html starts the test.

As part of discussions on bug 20939, I've been asked to raise this bug.
The purpose is to look at whether window.close() should be affected by sandboxing rules.

In the specification at http://www.w3.org/html/wg/drafts/html/master/browsers.html#dom-window-close, it states:

"The close() method on Window objects should, if the corresponding browsing context A is script-closable and the browsing context of the script that invokes the method is allowed to navigate the browsing context A, close the browsing context A."

The "allowed to navigate" rules at http://www.w3.org/html/wg/drafts/html/master/browsers.html#allowed-to-navigate, don't include the sandboxing rules, but sandboxing could actually affect whether navigation takes place.
So the question is, if navigation of a browsing context is blocked by sandboxing rules, should window.close() also be blocked.

I believe it should, as (for example) it seems wrong that a sandboxed browsing context is not allowed to navigate top, but is allowed to close it.

I did a quick test to see what happens in a sandbox with allow-scripts, but not allow-top-navigation.
closeTestOpener.html starts the test.
(This test was done in early May, I'm sorry I don't have the versions that were used.)

Firefox, IE10, Chrome and Opera all seem to block the direct navigation of top with window.open(..., "_top").

Only Chrome stops the window.top.close().  It gives the same error as for the navigation, which complains that you are trying to navigate top without allow-top-navigation.

As I have said, Chrome's behaviour seems correct to me.

Thanks,
Bob