Something we didn't call out explicitly in the initial popup explainer but had in mind is that each document has its own top layer stack. Interacting with a popup in one document cannot pop a popup off the stack in another document. This prevents cross-document abuse, e.g. in scenarios where a host document may contain several embedded documents in <iframe>s. This issue is a note to self to add this security mitigation explicitly to any spec text.
Freedom over the size and position of a popup could enable an author to spoof UI belonging to the browser or documents other than the popup’s document. For this reason the popup will be constrained as all other elements of the relevant document are, by clipping the element to the document's layout viewport.
The comments on this issue seem to contradict the ones on #319. I.e. #319 says that we might want to hide popups when the focus leaves their document. This one says one document shouldn't affect another, popup-wise. Generally, I agree with the latter - I think separate documents need to stay separate, and it would be bad to have the popup stack close when either a) focus leaves the document, or b) another popup opens in a separate document.
Refer to MS Edge Explainers #433 for background.
In case the question comes up, popups cannot break out of embedded documents: