A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.2. A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode.
Apple Security Advisory 2020-07-15-5 - Safari 13.1.2 is now available and addresses bypass, code execution, cross site scripting, out of bounds read, and use-after-free vulnerabilities.