chromium/src/third_party/blink/web_tests/http/tests/security/javascriptURL/xss-DENIED-from-javascript-url-in-foreign-domain-subframe.html - manifest_repos/chromium_src - Git at Google

 <html>
 <body>
     <p>The scenario for this test is that you have an iframe with content from a foreign domain.  In that foreign content
         is an iframe which loads a javascript: URL.  This tests that the javascript: URL loaded iframe does not have access
         to the main frame using top.document.</p>
     <iframe src="http://localhost:8000/security/javascriptURL/resources/foreign-domain-javascript-url-accessor-iframe.html" style="width: 400px; height:200px;"></iframe>
     <p id='accessMe'>Pass: Cross frame access from a javascript: URL on a different domain was denied.</p>
     <script>
         if (window.testRunner) {
             testRunner.dumpAsText();
             testRunner.waitUntilDone();
             testRunner.dumpChildFrames();
         }
     </script>
 </body>
 </html>
	<html>
	<body>
	<p>The scenario for this test is that you have an iframe with content from a foreign domain. In that foreign content
	is an iframe which loads a javascript: URL. This tests that the javascript: URL loaded iframe does not have access
	to the main frame using top.document.</p>
	<iframe src="http://localhost:8000/security/javascriptURL/resources/foreign-domain-javascript-url-accessor-iframe.html" style="width: 400px; height:200px;"></iframe>
	<p id='accessMe'>Pass: Cross frame access from a javascript: URL on a different domain was denied.</p>
	<script>
	if (window.testRunner) {
	testRunner.dumpAsText();
	testRunner.waitUntilDone();
	testRunner.dumpChildFrames();
	}
	</script>
	</body>
	</html>