<!DOCTYPE html> | |
<html> | |
<head> | |
<script> | |
var req = new XMLHttpRequest(); | |
req.open('GET', location); | |
req.onerror = function() { | |
window.parent.postMessage('PASS', '*'); | |
} | |
req.send(); | |
</script> | |
</head> | |
<body> | |
Documents loaded from file: shouldn't be able to access themselves via XHR. | |
</body> | |
</html> |