[css-fonts-4] Palette leakage needs tests #4252

@svgeesus

An author-defined font color palette is only available to the documents that reference it. Using an author-defined color palette outside of the documents that reference it would constitute a security leak since the contents of one page would be able to affect other pages, something an attacker could use as an attack vector.
https://drafts.csswg.org/css-fonts-4/#font-palette-values

This is easily testable (two iframes, referencing the same font, one also has an @font-palette-values rule).
