diff --git a/src/nvim/getchar.c b/src/nvim/getchar.c
index 94702a9a3a..243e6afcee 100644
--- a/src/nvim/getchar.c
+++ b/src/nvim/getchar.c
@@ -1244,6 +1244,13 @@ openscript (
     EMSG(_(e_nesting));
     return;
   }
+
+  // Disallow sourcing a file in the sandbox, the commands would be executed
+  // later, possibly outside of the sandbox.
+  if (check_secure()) {
+    return;
+  }
+
   if (ignore_script)
     /* Not reading from script, also don't open one.  Warning message? */
     return;