You can compare the results below with the results for a normal web origin (no Content-Disposition header).
The link below will try to escape the limited attachment origin using the browser-defined window.open().document.write().