This test shows that cross-site documents are blocked by SiteIsolationPolicy even if the Same Origin Policy is turned off in the renderer. The Same Origin Policy can be circumvented when the renderer is compromised, but we have SiteIsolationPolicy that blocks cross-site documents at the IPC layer. For now cross-site document blocking by SiteIsolationPolicy is done in the renderer, but our ultimate plan is to do that in the browser process.