chromium/third_party/blink/web_tests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame.html

<html>
<head>
    <script>
        if (window.testRunner) {
            testRunner.dumpAsText();
            testRunner.dumpChildFrames();
            testRunner.waitUntilDone();
        }

        function loaded() {
            var url = "data:text/html,<html>"
                + "<head>"
                +     "<scr" + "ipt>"
                +         "function test() {"
                +             "try {"
                +                 "parent.document.getElementById('accessMe').innerHTML = 'FAIL: Cross frame access from a data: URL was allowed.';"
                +             "} catch (e) {"
                +             "}"
                +             "if (window.testRunner)"
                +                 "testRunner.notifyDone();"
                +         "}"
                +     "</scr" + "ipt>"
                + "</head>"
                + "<body onload=\"test()\">"
                +     "<p>Inner iframe.</p>"
                + "</body>"
                + "</html>";

            var iframe = document.getElementById("aFrame");
            iframe.src = url;
        }
    </script>
</head>
<body onload="loaded();">
    <p>This tests that a data: URL loaded in an iframe doesn't have access to its parent's frame</p>
    <iframe id="aFrame" name="aFrame"></iframe>
    <p id='accessMe'>PASS: Cross frame access from a data: URL was denied.</p>
</body>
</html>