Prevent top-level navigation of data URLs

Tests: web-platform-tests/wpt#17730.

source

@@ -84565,6 +84565,11 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
      and <var>browsingContext</var>, then set <var>response</var> to a <span>network error</span>
      and <span>break</span>. <ref spec="CSP"></p></li>
 
+     <li><p>Otherwise, if <var>browsingContext</var> is a <span>top-level browsing context</span>
+     and <var>currentURL</var>'s <span data-x="concept-url-scheme">scheme</span> is "<code
+     data-x="">data</code>", set <var>response</var> to a <span>network error</span> and
+     <span>break</span>.</p></li>
+
      <li>
       <p>Otherwise:</p>
 
@@ -84603,7 +84608,14 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
    data-x="concept-response-location-url">location URL</span> that is a <span>URL</span> whose <span
    data-x="concept-url-scheme">scheme</span> is "<code data-x="">blob</code>", "<code
    data-x="">file</code>", "<code data-x="">filesystem</code>", or "<code
-   data-x="">javascript</code>", then set <var>response</var> to a network error.</p></li>
+   data-x="">javascript</code>", then set <var>response</var> to a <span>network
+   error</span>.</p></li>
+
+   <li><p>Otherwise, if <var>response</var> has a <span
+   data-x="concept-response-location-url">location URL</span> that is a <span>URL</span> whose <span
+   data-x="concept-url-scheme">scheme</span> is "<code data-x="">data</code>" and
+   <var>browsingContext</var> is a <span>top-level browsing context</span>, then set
+   <var>response</var> to a <span>network error</span>.</p></li>
 
    <li><p>Otherwise, if <var>response</var> has a <span
    data-x="concept-response-location-url">location URL</span> that is a <span>URL</span> whose <span