Check URL is in app scope before opening in new standalone window #195

@benfrancis

Currently the window manager looks for an appId in e.detail.options of an open window event and if an app with that ID is found in the database it creates a new standalone window and navigates it to the URL provided.

It should check that the URL is actually in the scope of the app before loading that URL in the standalone window because any web page could add an appId to the event detail but provide an arbitrary URL. This is a vector for phishing attacks.
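One way to implement the scope check described in this issue, as an added example that is not the project's own code. The app record shape (`{ scope }`), the function names, and the fallback to an ordinary browser window are assumptions for illustration; the sample URLs are constructed.

```javascript
// Returns true only if targetUrl is inside the app's navigation scope:
// same origin, and the path begins with the scope's path.
function isWithinScope(targetUrl, scopeUrl) {
  let target, scope;
  try {
    target = new URL(targetUrl);
    scope = new URL(scopeUrl);
  } catch (err) {
    return false; // unparseable or relative URL: treat as out of scope
  }
  // Opaque origins serialize to "null" and must never match each other.
  if (scope.origin === 'null' || target.origin !== scope.origin) return false;
  // Prefix match on the normalized path; a scope should end in "/" so that
  // "/mail" does not also match "/mail-other".
  return target.pathname.startsWith(scope.pathname);
}

// Decide how an open-window request should be handled.
// apps: Map of appId -> { scope } (hypothetical stand-in for the app database).
function chooseWindowType(url, options, apps) {
  const app = options && options.appId ? apps.get(options.appId) : undefined;
  if (app && isWithinScope(url, app.scope)) {
    return { type: 'standalone', appId: options.appId, url };
  }
  // Unknown appId or out-of-scope URL: do not open it in the app's window.
  return { type: 'browser', url };
}

// Constructed sample data.
const apps = new Map([
  ['mail', { scope: 'https://mail.example/inbox/' }],
]);

const requests = [
  'https://mail.example/inbox/message/1',   // in scope
  'https://mail.example/settings',          // same origin, outside scope path
  'https://mail.example/inbox/../settings', // dot segments normalize out of scope
  'https://mail.example.evil.test/inbox/',  // look-alike host
  'https://mail.example@evil.test/inbox/',  // userinfo; real host is evil.test
  'not a url',
];
for (const url of requests) {
  console.log(url, '->', chooseWindowType(url, { appId: 'mail' }, apps).type);
}
```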
