https://vuln.shhnjk.com/COOP_bypass.php is affected by bug 1522083 I think. Currently the blob: URL popup this creates cannot be interacted with at all. And also, comment 10 forgets that we have some inheritance already as per comment 4. Maybe the main difference/problem here is that `<a>` is used? I'll see about creating more tests.
Bug 1570889 Comment 12 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
https://vuln.shhnjk.com/COOP_bypass.php is affected by bug 1522083 I think. Currently the blob: URL popup this creates cannot be interacted with at all. And also, comment 10 forgets that we have some inheritance already as per comment 4. Maybe the main difference/problem here is that `<a>` is used? I'll see about creating more tests. (If I change target=_blank to target=test I can no longer reproduce the attack btw. It seems COOP inheritance is now working correctly here.)