Don't propagate sandbox flags to an opened window unless triggered entirely by script.

This was regressed in http://src.chromium.org/viewvc/blink?revision=161843&view=revision,
when we started propagating sandbox flags to new windows via FrameLoader::forceSandboxFlags
even if the new window was caused by clicking a link with target="_blank".

BUG=353253
TEST=http/tests/navigation/new-window-sandboxed-iframe.html

Review URL: https://codereview.chromium.org/208853004

git-svn-id: svn://svn.chromium.org/blink/trunk@169970 bbb929c8-8fbe-4397-9dbb-9b2b20218538

third_party/WebKit/LayoutTests/http/tests/navigation/new-window-sandboxed-iframe-expected.txt

+
+
+============== Back Forward List ==============
+curr->  http://127.0.0.1:8000/navigation/new-window-sandboxed-iframe.html
+            http://127.0.0.1:8000/navigation/resources/new-window-sandboxed-iframe-iframe.html (in frame "<!--framePath //<!--frame0-->-->")
+===============================================
+
+============== Back Forward List ==============
+        http://127.0.0.1:8000/navigation/resources/new-window-sandboxed-iframe-destination.html
+            http://127.0.0.1:8000/navigation/resources/new-window-sandboxed-iframe-destination-iframe.html (in frame "<!--framePath //<!--frame0-->-->")
+curr->  http://127.0.0.1:8000/navigation/resources/notify-done.html
+===============================================

third_party/WebKit/LayoutTests/http/tests/navigation/new-window-sandboxed-iframe.html

+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpBackForwardList();
+    testRunner.waitUntilDone();
+    testRunner.setCanOpenWindows();
+}
+</script>
+<iframe sandbox="allow-scripts allow-forms allow-same-origin allow-popups" src="resources/new-window-sandboxed-iframe-iframe.html"></iframe>

third_party/WebKit/LayoutTests/http/tests/navigation/resources/new-window-sandboxed-iframe-destination-iframe.html

+<script>
+window.onload = function() {
+    document.getElementById("a").click();
+};
+</script>
+<a id="a" href="notify-done.html" target="_top">Click here</a>

third_party/WebKit/LayoutTests/http/tests/navigation/resources/new-window-sandboxed-iframe-destination.html

+<iframe src="new-window-sandboxed-iframe-destination-iframe.html"></iframe>

third_party/WebKit/LayoutTests/http/tests/navigation/resources/new-window-sandboxed-iframe-iframe.html

+<script>
+window.onload = function() {
+    document.getElementById("a").click();
+};
+</script>
+<a id="a" href="new-window-sandboxed-iframe-destination.html" target="_blank"></a>
+

third_party/WebKit/Source/core/page/CreateWindow.cpp

@@ -81,8 +81,6 @@ static LocalFrame* createWindow(LocalFrame& openerFrame, LocalFrame& lookupFrame
     ASSERT(page->mainFrame());
     LocalFrame& frame = *page->mainFrame();
 
-    frame.loader().forceSandboxFlags(openerFrame.document()->sandboxFlags());
-
     if (request.frameName() != "_blank")
         frame.tree().setName(request.frameName());
 
@@ -141,6 +139,9 @@ LocalFrame* createWindow(const String& urlString, const AtomicString& frameName,
     if (!newFrame)
         return 0;
 
+    if (newFrame != &openerFrame && newFrame != openerFrame.tree().top())
+        newFrame->loader().forceSandboxFlags(openerFrame.document()->sandboxFlags());
+
     newFrame->loader().setOpener(&openerFrame);
     newFrame->page()->setOpenedByDOM();