chromium/third_party/blink/web_tests/http/tests/security/javascriptURL/resources/foreign-domain-javascript-url-accessee-opened-frame.html

<html>
<body>
    <p>Frame on a foreign domain (opened using window.open).</p>
    <iframe id="aFrame"></iframe>
    <script>
        var url = "javascript:\"<html>"
            + "<body>"
            +     "<p id='accessMe'>PASS: Access from the main frame was denied!</p>"
            +     "<p>Inner-inner iframe. This iframe (which is javascript: URL and whose parent is on a foreign domain) is the frame that the"
            +     " main frame is trying to access.  It should not have access to it.</p>"
            + "</body>"
            + "</html>\"";

        var frame = document.getElementById('aFrame');
        frame.onload = function () { window.opener.postMessage('run test', '*'); };
        frame.src = url;
    </script>
</body>
</html>