Codebase Browser
chromium
Go to App

chromium/third_party/blink/web_tests/http/tests/security/frameNavigation/xss-ALLOWED-targeted-subframe-navigation-change.html 

<html>
<head>
    <style>
        iframe { width: 400px; height: 200px;}
    </style>
    <script>
        if (window.testRunner) {
            testRunner.dumpAsText();
            testRunner.dumpChildFrames();
            testRunner.waitUntilDone();
        }

        function loaded()
        {
            document.getElementsByTagName('h4')[0].innerHTML = document.domain;
            performTest();
        }

        function performTest()
        {
            var subFrame = window.frames[0];
            subFrame.frames[0].location = "http://localhost:8000/security/frameNavigation/resources/navigation-changed-iframe.html";
        }
    </script>
</head>
<body onload="loaded();">
    <p>This tests that documents can navigate the location of any of it's sub-frames regardless of domain.</p>
    <h4>DOMAIN</h4>
    <iframe src="http://localhost:8000/security/frameNavigation/resources/iframe-with-inner-frame-on-foreign-domain.html"></iframe>
    <button onclick="performTest()">Perform Test</button>
</body>
</html>