Codebase Browser
chromium
Go to App

chromium/third_party/blink/web_tests/http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe-location-change.html 

<html>
<head>
    <script src="../resources/cross-frame-access.js"></script>
    <script>
        window.onload = function()
        {
            if (window.testRunner) {
                testRunner.dumpAsText();
                testRunner.dumpChildFrames();
                testRunner.waitUntilDone();
            }

            window.addEventListener('message', function ()
            {
                runTest();
                testRunner.notifyDone();
            });
        }

        runTest = function()
        {
            try {
                window[0].document.getElementById('accessMe').innerHTML = "FAIL: Cross frame access to a data: URL embed in a frame on a foreign domain allowed.";
                log("FAIL: Cross frame access to a data: URL embed in a frame on a foreign domain allowed.");
                return;
            } catch (e) {
            }
            log("PASS: Cross frame access to a data: URL embed in a frame on a foreign domain denied!");
        }
    </script>

</head>
<body>
    <p>Opener frame</p>
    <iframe src="http://localhost:8000/security/dataURL/resources/foreign-domain-data-url-window-location.html" style="width: 400px; height:200px;"></iframe>
    <pre id="console"></pre>
</body>
</html>