chromium/src/third_party/blink/web_tests/http/tests/security/xss-DENIED-sandboxed-iframe.html - manifest_repos/chromium_src - Git at Google

 <html>
 <script>

 if (window.testRunner)
     testRunner.dumpAsText();

 var docRef = undefined;

 window.onload = function()
 {
     document.getElementById("console").innerHTML =
         (docRef ? "FAIL: cross-domain script access allowed from sandboxed iframe"
                 : "PASS: cross-domain script access disallowed from sandboxed iframe");
 }

 </script>
 <body>

     <p>This test verifies that sandboxed iframe prevents cross-domain
     script access. It will print &quot;PASS&quot; on success.</p>

     <iframe sandbox="allow-scripts"
             src="http://127.0.0.1:8000/security/resources/xss-DENIED-sandboxed-iframe-attacker.html">
     </iframe>

     <div id="console">FAIL: Script didn't run</div>

 </body>
 </html>
	<html>
	<script>

	if (window.testRunner)
	testRunner.dumpAsText();

	var docRef = undefined;

	window.onload = function()
	{
	document.getElementById("console").innerHTML =
	(docRef ? "FAIL: cross-domain script access allowed from sandboxed iframe"
	: "PASS: cross-domain script access disallowed from sandboxed iframe");
	}

	</script>
	<body>

	<p>This test verifies that sandboxed iframe prevents cross-domain
	script access. It will print "PASS" on success.</p>

	<iframe sandbox="allow-scripts"
	src="http://127.0.0.1:8000/security/resources/xss-DENIED-sandboxed-iframe-attacker.html">
	</iframe>

	<div id="console">FAIL: Script didn't run</div>

	</body>
	</html>