Description
What is the issue with the HTML Standard?
Currently, when getting the current entry of a navigation, the spec checks if the navigation has entries and events disabled, and if not, asserts that the navigation's current entry index is not -1.
However, in the case of an iframe whose document is initial about:blank and then has document.open() called on it, we end up in a state where the document is no longer initial about:blank but the navigation's current entry index is still -1. If a fragment navigation (or an additional document.open) is then attempted within this iframe, we will end up within the update the navigation API entries for a same-document navigation steps with has entries and events disabled being false, and so when we enter step 2 we will trigger the aforementioned assertion.
This came up when looking at failures of a Gecko-internal test (https://searchfox.org/firefox-main/source/dom/html/test/test_bug478251.html, https://treeherder.mozilla.org/logviewer?job_id=531454468&repo=try&task=aSvFFj98Qe6v4MAU9FDvTw.0&lineNumber=3981). It appears that this specific failure does not occur within Blink or WebKit, as they treat documents that have had document.open() called on them as being in a form of intermediate state of initial about:blank, which they still consider as having entries and events disabled (see https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/core/loader/frame_loader.h;l=337;drc=c5fe0d8a9bd7720d7c8738130a24ac7597178c87 and https://searchfox.org/wubkat/rev/919691a4ebb09a93c2dc093686cdc284e35ff623/Source/WebCore/loader/FrameLoaderStateMachine.h#48).
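As an added illustration (not the standard's text and not any browser's code), the following JavaScript models the state transitions described above: the field names `isInitialAboutBlank`, `openedViaDocumentOpen` and `currentEntryIndex` are assumed, and the "blink-webkit" mode is an assumed rendering of the intermediate state that Blink and WebKit keep after document.open().

```javascript
// Added example model of the navigation state from the issue; it is not the
// HTML Standard's text or any browser's code. Field names and the
// "blink-webkit" variant are assumptions drawn from the issue description.
class NavigationModel {
  // mode "spec" follows the issue's reading of the standard; "blink-webkit"
  // keeps entries/events disabled for a document.open()'d initial about:blank.
  constructor(mode = "spec") {
    this.mode = mode;
    this.isInitialAboutBlank = true;   // an iframe starts as initial about:blank
    this.openedViaDocumentOpen = false;
    this.currentEntryIndex = -1;       // no entry exists for initial about:blank
    this.entries = [];
  }
  hasEntriesAndEventsDisabled() {
    if (this.isInitialAboutBlank) return true;
    // Assumed Blink/WebKit treatment: still an intermediate initial state.
    return this.mode === "blink-webkit" && this.openedViaDocumentOpen;
  }
  documentOpen() {
    // document.open() clears the initial about:blank flag but creates no
    // navigation entry, so currentEntryIndex stays at -1.
    this.isInitialAboutBlank = false;
    this.openedViaDocumentOpen = true;
  }
  // "Get the current entry": asserts when events are enabled but index is -1.
  getCurrentEntry() {
    if (this.hasEntriesAndEventsDisabled()) return null;
    if (this.currentEntryIndex === -1) {
      throw new Error("assertion failed: current entry index is -1");
    }
    return this.entries[this.currentEntryIndex];
  }
  // "Update the navigation API entries for a same-document navigation",
  // reduced to the two steps the issue walks through.
  updateEntriesForSameDocumentNavigation() {
    if (this.hasEntriesAndEventsDisabled()) return "skipped"; // step 1
    this.getCurrentEntry();                                   // step 2
    return "updated";
  }
}
// The issue's scenario: document.open() on an initial about:blank iframe,
// then a fragment navigation. Returns "assertion" if the spec's assertion fires.
function fragmentNavigationAfterDocumentOpen(mode) {
  const nav = new NavigationModel(mode);
  nav.documentOpen();
  try {
    return nav.updateEntriesForSameDocumentNavigation();
  } catch (e) {
    return "assertion";
  }
}
```

Under the "spec" mode the fragment navigation reaches step 2 and trips the assertion; under "blink-webkit" step 1 returns early, matching the behaviour difference the issue reports.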