mirror of
https://github.com/servo/servo
synced 2026-05-12 09:56:50 +02:00
01a29209b2
We now check for this header and corresponding logic. The WPT tests mostly pass, but rely on the `contentDocument` of the iframe to be `null`. This is not something we did before, which means that iframes were able to access the contents of error pages. Instead, we now mark the document as internal with an opaque origin according to the spec [1]. We shouldn't do this post-fact, but is required since we first need to construct the document and enter its realm, before we determine that it is an invalid document. Fixes #16103 [1]: https://html.spec.whatwg.org/multipage/document-lifecycle.html#navigate-ua-inline Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>