Bug 297874

Summary: [Site Isolation] Crash when accessing cross origin iframe contentWindow from WebInspector
Product: WebKit Reporter: Anthony Tarbinian <a.tarbinian>
Component: WebKit Process ModelAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: nham, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: Mac (Apple Silicon)   
OS: macOS 26   

Anthony Tarbinian
Reported 2025-08-25 14:49:56 PDT
Anthony Tarbinian
Comment 1 2025-08-25 15:19:12 PDT
Summary: Crash when accessing the contentWindow attribute of a cross origin iframe with site isolation turned on. Only reproducible when running JS from the WebInspector.

Steps To Reproduce:
1. Open MiniBrowser
2. Ensure that site isolation is enabled (Settings -> Internal Features -> Site Isolation)
3. Navigate to about:blank
4. Open the Web Inspector Console
5. Run the following JS in the console:

```
let i = document.createElement('iframe');
document.body.appendChild(i);
i.src = 'https://example.org';
console.log(i.contentWindow);
```

Results: Observe a crash when trying to access the contentWindow attribute. Crash occurs because a downcast from RemoteDOMWindow to LocalDOMWindow fails (specifically fails this assert https://searchfox.org/wubkat/source/Source/WTF/wtf/TypeCasts.h#96). The downcast is invoked from `WebCore::activeDOMWindow`, which was originally called from `JSDOMBindingSecurity::remoteFrameAccessError` https://searchfox.org/wubkat/source/Source/WebCore/bindings/js/JSDOMBindingSecurity.cpp#49.

Regression: Issue only occurs from running the JS inside the WebInspector. Adding a cross origin iframe and accessing its contentWindow works fine in layout tests, just not in the WebInspector UI. Reproducing on WebKit commit 9892235 from 8/20.
Anthony Tarbinian
Comment 2 2025-08-25 15:44:30 PDT
EWS
Comment 3 2025-09-09 15:47:16 PDT
Committed 299777@main (8fb7be5683f4): <https://commits.webkit.org/299777@main> Reviewed commits have been landed. Closing PR #49861 and removing active labels.