https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#document-open-steps has: > 3. Let entryDocument be the responsible document specified by the entry settings object. > > 4. If document's origin is not same origin to entryDocument's origin, then throw a "SecurityError" DOMException. This also applies to implicit calls to document.open() by way of document.write(). Tests: - https://github.com/web-platform-tests/wpt/blob/master/html/webappapis/dynamic-markup-insertion/opening-the-input-stream/bailout-exception-vs-return-origin.sub.window.js - https://github.com/web-platform-tests/wpt/blob/master/html/webappapis/dynamic-markup-insertion/opening-the-input-stream/origin-check-in-document-open-same-origin-domain.sub.html
Another test: - https://github.com/web-platform-tests/wpt/blob/master/html/webappapis/dynamic-markup-insertion/opening-the-input-stream/bailout-side-effects-same-origin-domain.sub.window.html
<rdar://problem/44282700>
Created attachment 350979 [details] Patch
Created attachment 350983 [details] Patch
ping review?
Comment on attachment 350983 [details] Patch Clearing flags on attachment: 350983 Committed r236613: <https://trac.webkit.org/changeset/236613>
All reviewed patches have been landed. Closing bug.