Add spec for cross-origin blockage

spec/api-browser-window-spec.js

@@ -1285,6 +1285,14 @@ describe('BrowserWindow module', function () {
         w.loadURL('file://' + path.join(fixtures, 'api', 'native-window-open-file.html'))
       })
 
+      it('blocks accessing cross-origin frames', (done) => {
+        ipcMain.once('answer', (event, content) => {
+          assert.equal(content, 'Blocked a frame with origin "file://" from accessing a cross-origin frame.')
+          done()
+        })
+        w.loadURL('file://' + path.join(fixtures, 'api', 'native-window-open-cross-origin.html'))
+      })
+
       it('opens window from <iframe> tags', (done) => {
         ipcMain.once('answer', (event, content) => {
           assert.equal(content, 'Hello')

spec/fixtures/api/native-window-open-cross-origin.html

@@ -0,0 +1,19 @@
+<html>
+<body>
+<script type="text/javascript" charset="utf-8">
+  const {ipcRenderer} = require('electron')
+  const popup = window.open('http://host')
+  const intervalID = setInterval(function () {
+    try {
+      if (popup.location.toString() !== 'about:blank') {
+        clearInterval(intervalID)
+        ipcRenderer.send('answer', 'did not throw error')
+      }
+    } catch (error) {
+      clearInterval(intervalID)
+      ipcRenderer.send('answer', error.message)
+    }
+  }, 10)
+</script>
+</body>
+</html>