Pages which attempt to trigger a content download (with the "Content-Disposition: attachment" header) are actually rendered inside the WKWebView, if the web view supports displaying the content. (Supported content display is based on WKNavigationResponse's canShowMIMEType.)

When this content is displayed, WKWebView prevents JavaScript injection. Injecting the windowId fails with the following error in the Safari Debugging console:
"Blocked script execution in '<URL>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set."

and the following error is returned from WKWebView evaluateJavaScript:completionHandler:
Error Domain=WKErrorDomain Code=4 "A JavaScript exception occurred" UserInfo={WKJavaScriptExceptionLineNumber=0, WKJavaScriptExceptionMessage=, WKJavaScriptExceptionColumnNumber=0, NSLocalizedDescription=A JavaScript exception occurred}

I tested with the text file download at the bottom of http://www.jtricks.com/bits/content_disposition.html and reproduced the error on iPhone 7 simulator for both 10.3.1 and 11.2