This test case points to a data: URL. If address bar is not updated to data: URL, this means data: URLs are not tracked and can be potentially used for spoofing.
This test case utilizes data: URL and an iframe pointing to filtered port. If address bar is not updated to data: URL, this can be potentially used for spoofing in some scenarios.
This test case calls native UIWebView window.open trying to spoof http://www.example.com.
If a browser fails this test (allows spoofing), it is probably caused by not updating address bar on didFailLoadWithError
This test case calls native UIWebView window.open trying to spoof https://www.apple.com.
This test case verifies address bar behaviour on about: URL other than about:blank (in this case, about:history).
This test case redirects to non-existent domain. If this page content still remains, but the address bar ends up being https://login.example.com, it may be used for spoofing.
This test case is redirecting to filtered port in a loop. If address bar is updated before navigation actually happens, this allows address bar spoofing.
In case of a mobile device, the user is likely to ignore the progress bar, if there is any.
The next part is about downloads