Auto merge of #15358 - asajeffrey:script-browsingcontext-xorigin-window, r=jdm

Allow browsing contexts to resolve to cross-origin windows

<!-- Please describe your changes on the following line: -->

This PR implements cross-thread `WindowProxy` objects.

At the moment, if a `Window` performs a non-similar-origin navigation, the old script thread does not update its `WindowProxy`, since the new `Window` is in the new script thread. With this PR, the `WindowProxy` is updated to a dummy `XOriginWindow` object, that only implements the whitelisted methods that are allowed to be called cross-origin.

This PR does not include working implementations of some of the cross-origin `Window` or `Location` methods.

This PR causes some cross-origin wpt tests to now pass, in particular `/html/browsers/origin/cross-origin-objects/cross-origin-objects.html ` now passes `Only whitelisted properties are accessible cross-origin`. There are some CORS failures in `fetch`, I suspect caused by the incorrect setting of `origin` in fetch requests.

Although there are some functions that now throw `SecurityException`, it is not meant to be a complete implementation, which will have to wait for XOWs to land.

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #15180.
- [X] There are tests for these changes

<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/15358)
<!-- Reviewable:end -->

tests/wpt/mozilla/meta/MANIFEST.json

@@ -12721,6 +12721,14 @@
      {}
     ]
    ],
+   "mozilla/cross-origin-objects/cross-origin-objects.html": [
+    [
+     "/_mozilla/mozilla/cross-origin-objects/cross-origin-objects.html",
+     {
+      "timeout": "long"
+     }
+    ]
+   ],
    "mozilla/deterministic-raf.html": [
     [
      "/_mozilla/mozilla/deterministic-raf.html",
@@ -25350,6 +25358,10 @@
    "f1029d519aa7017a1a3d18a891a0774b9a39f847",
    "testharness"
   ],
+  "mozilla/cross-origin-objects/cross-origin-objects.html": [
+   "5d5a3ba4099dfabddbed1ea98ad8fe1f5c00a3d3",
+   "testharness"
+  ],
   "mozilla/details_ui_closed.html": [
    "2acbe3afbec267bad4dd986803e636740a707507",
    "reftest"

tests/wpt/mozilla/meta/mozilla/cross-origin-objects/cross-origin-objects.html.ini

@@ -0,0 +1,5 @@
+[cross-origin-objects.html]
+  type: testharness
+
+  [Parentage of cross-origin windows]
+    expected: FAIL

tests/wpt/mozilla/tests/mozilla/cross-origin-objects/cross-origin-objects.html

@@ -0,0 +1,118 @@
+<!doctype html>
+<meta charset=utf-8>
+<meta name="timeout" content="long">
+<title>Cross-origin behavior of Window and Location</title>
+<link rel="author" title="Bobby Holley (:bholley)" href="bobbyholley@gmail.com">
+<link rel="help" href="https://html.spec.whatwg.org/multipage/#security-window">
+<link rel="help" href="https://html.spec.whatwg.org/multipage/#security-location">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<div id=log></div>
+<script>
+
+/*
+ * This is a stripped down version of
+ * /html/browsers/origin/cross-origin-objects/cross-origin-objects.html,
+ * which runs the tests in a dissimilar-origin iframe.
+ * This is a temporary work-around until the web-platform-tests supports
+ * more than one domain.
+ */
+
+var UrlB = "/common/blank.html";
+var UrlC = "http://127.0.0.1:8000/common/blank.html";
+
+/*
+ * Parentage
+ */
+
+async_test(function(t) {
+  var IframeB = document.createElement("iframe");
+  var IframeC = document.createElement("iframe");
+  var B = null;
+  var C = null;
+  IframeC.onload = t.step_func(function() {
+    if (!B || !C) {
+      B = IframeB.contentWindow;
+      C = IframeC.contentWindow;
+      IframeB.src = UrlB;
+      IframeC.src = UrlC;
+    } else {
+      assert_equals(B.parent, window, "window.parent works same-origin");
+      assert_equals(C.parent, window, "window.parent works cross-origin");
+      assert_equals(B.top, window, "window.top works same-origin");
+      assert_equals(C.top, window, "window.top works cross-origin");
+      t.done();
+    }
+  });
+  document.body.appendChild(IframeB);
+  document.body.appendChild(IframeC);
+},"Parentage of cross-origin windows");
+
+/*
+ * Whitelist behavior.
+ *
+ * Also tests for [[GetOwnProperty]] and [[HasOwnProperty]] behavior.
+ */
+
+var whitelistedWindowIndices = ['0', '1'];
+var whitelistedWindowPropNames = ['location', 'postMessage', 'window', 'frames', 'self', 'top', 'parent',
+                                  'opener', 'closed', 'close', 'blur', 'focus', 'length'];
+whitelistedWindowPropNames = whitelistedWindowPropNames.concat(whitelistedWindowIndices);
+whitelistedWindowPropNames.sort();
+var whitelistedLocationPropNames = ['href', 'replace'];
+whitelistedLocationPropNames.sort();
+var whitelistedSymbols = [Symbol.toStringTag, Symbol.hasInstance,
+                          Symbol.isConcatSpreadable];
+var whitelistedWindowProps = whitelistedWindowPropNames.concat(whitelistedSymbols);
+
+async_test(function(t) {
+  var IframeB = document.createElement("iframe");
+  var IframeC = document.createElement("iframe");
+  var B = null;
+  var C = null;
+  IframeC.onload = t.step_func(function() {
+    if (!B || !C) {
+      B = IframeB.contentWindow;
+      C = IframeC.contentWindow;
+      IframeB.src = UrlB;
+      IframeC.src = UrlC;
+    } else {
+      for (var prop in window) {
+        if (whitelistedWindowProps.indexOf(prop) != -1) {
+          C[prop]; // Shouldn't throw.
+          Object.getOwnPropertyDescriptor(C, prop); // Shouldn't throw.
+          assert_true(Object.prototype.hasOwnProperty.call(C, prop), "hasOwnProperty for " + String(prop));
+        } else {
+          assert_throws("SecurityError", function() { C[prop]; }, "Should throw when accessing " + String(prop) + " on Window");
+          assert_throws("SecurityError", function() { Object.getOwnPropertyDescriptor(C, prop); },
+                        "Should throw when accessing property descriptor for " + prop + " on Window");
+          assert_throws("SecurityError", function() { Object.prototype.hasOwnProperty.call(C, prop); },
+                        "Should throw when invoking hasOwnProperty for " + prop + " on Window");
+        }
+        if (prop != 'location')
+          assert_throws("SecurityError", function() { C[prop] = undefined; }, "Should throw when writing to " + prop + " on Window");
+      }
+      for (var prop in location) {
+        if (prop == 'replace') {
+          C.location[prop]; // Shouldn't throw.
+          Object.getOwnPropertyDescriptor(C.location, prop); // Shouldn't throw.
+          assert_true(Object.prototype.hasOwnProperty.call(C.location, prop), "hasOwnProperty for " + prop);
+        }
+        else {
+          assert_throws("SecurityError", function() { C[prop]; }, "Should throw when accessing " + prop + " on Location");
+          assert_throws("SecurityError", function() { Object.getOwnPropertyDescriptor(C, prop); },
+                        "Should throw when accessing property descriptor for " + prop + " on Location");
+          assert_throws("SecurityError", function() { Object.prototype.hasOwnProperty.call(C, prop); },
+                        "Should throw when invoking hasOwnProperty for " + prop + " on Location");
+        }
+        if (prop != 'href')
+          assert_throws("SecurityError", function() { C[prop] = undefined; }, "Should throw when writing to " + prop + " on Location");
+      }
+      t.done();
+    }
+  });
+  document.body.appendChild(IframeB);
+  document.body.appendChild(IframeC);
+}, "Only whitelisted properties are accessible cross-origin");
+
+</script>