<html>
<body>
<p>Inner iframe on a foreign domain.</p>
<iframe id="aFrame" name="aFrame"></iframe>
<script>
window.onload = function() {
var url = "data:text/html,<html>"
+ "<head>"
+ "<scr" + "ipt>"
+ "window.onload = function()"
+ "{"
+ "try {"
+ "top.document.getElementById('accessMe').innerHTML = 'FAIL: Cross frame access from a data: URL on a different domain was allowed';"
+ "console.log('FAIL: No exception thrown.');"
+ "} catch (e) {"
+ "console.log('PASS: Exception thrown successfully.');"
+ "}"
+ "if (window.testRunner)"
+ "testRunner.notifyDone();"
+ "}"
+ "</scri" + "pt>"
+ "</head>"
+ "<body>"
+ "<p>Inner-inner iframe. This iframe (which is data: URL and whose parent is on a foreign domain) is the frame attempting to access"
+ " the main frame. It should not have access to it.</p>"
+ "</body>"
+ "</html>";
var frame = document.getElementById('aFrame');
frame.src = url;
};
</script>
</body>
</html>
Codebase Browser
chromium