Reintroduce the dependency on a parent's security.

[mikewest]

The patch in 98f2c26 inadvertantly removed the check which ensured that nested browsing contexts would be treated as non-secure in cases where an ancestor was non-secure. This patch reintroduces that check by requiring 'contextual security' for any parent browsing context's active document.

Closes #54. Thanks to @bzbarsky for noticing the removal.

---

Preview | Diff

[mikewest]

WDYT, @bzbarsky/@annevk?

[estark37]

LGTM!

[annevk]

This looks good. I did find #56 while looking at the overall algorithm again though. (Might not be a problem per se in implementations. Not sure if anyone supports nested workers yet.)

[annevk]

Also found #57.

[bzbarsky]

Gecko supports nested workers. I'll follow up in #56 on what we implement.