[Blob URL] Add tests for enforcing noopener on a / area clicks
For cross-top-level-site navigations via clicking "a" and "area"
links that use target="_blank" rel="opener", we should enforce
noopener as part of Blob URL partitioning.
"window.opener" can also get set on form submissions, but from testing
in Chrome, Firefox, and Safari, we can't successfully perform a form
submission to a Blob URL (if the method is GET, it seems that the
appended '?' breaks the Blob URL lookup, and POST doesn't work either
because it is an unsupported method for Blob URLs).
For more information, see:
https://docs.google.com/document/d/1Xk73RLlLgfVw1p2tYBGqlP7ROQxaMh6kxfusSMm9exM/edit?usp=sharing
Bug: 361751872
Change-Id: I723a0cf0df73ebb2f81f3fced496248d5c7a9798
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5979376
Reviewed-by: Steven Bingler bingler@chromium.org
Commit-Queue: Andrew Williams awillia@chromium.org
Cr-Commit-Position: refs/heads/main@{#1377218}