chromium/third_party/blink/web_tests/http/tests/navigation/pushstate-whitelisted-denied.html

<script src="../resources/testharness.js"></script>
<script src="../resources/testharnessreport.js"></script>
<script>
test(function () {
    testRunner.addOriginAccessAllowListEntry(location.origin, location.protocol, '', false);
}, 'testRunner.addOriginAccessAllowListEntry is required for this test');

test(function () {
    // http://username@password:localhost:8000/... should be blocked.
    var otherOrigin = new URL(document.URL);
    otherOrigin.port = otherOrigin.port ? otherOrigin.port ^ 0xFFFF : 1337;
    otherOrigin = otherOrigin.href;

    assert_throws_dom('SecurityError', function () {
        history.pushState(null, null, otherOrigin);
    });
}, 'pushState to origin with different port should fail with SecurityError (even with whitelisted origins)');
</script>