Tests/LibWeb: Verify XHR.open() throws on forbidden method

This verifies that XHR.open() throws a Security Error when 'CONNECT',
'TRACE', or 'TRACK' is passed as the method argument.

Tests/LibWeb/Text/input/XHR/XMLHttpRequest-forbidden-method.html

@@ -0,0 +1,20 @@
+<script src="../include.js"></script>
+<script>
+    test(() => {
+        const forbiddenMethods = ["CONNECT", "TRACE", "TRACK"];
+        const SECURITY_ERR = 18;
+        let i = 0;
+        for (const method of forbiddenMethods) {
+            const xhr = new XMLHttpRequest();
+            try {
+                xhr.open(method, "data:text/plain,", true);
+            }
+            catch (e) {
+                if (e.code === SECURITY_ERR)
+                    i += 1;
+            }
+        }
+        if (i === forbiddenMethods.length)
+            println("PASS");
+    });
+</script>