Codebase Browser
chromium
Go to App

chromium/third_party/blink/web_tests/http/tests/security/listener/xss-window-onclick-addEventListener.html 

<html>
<head>
    <script>
        if (window.testRunner) {
            testRunner.dumpAsText();
            testRunner.waitUntilDone();
        }

        function onloadForChild() { 
            var targetChild = document.getElementById('targetChild');
            targetChild.src = "resources/targetChild-window-onclick-addEventListener.html";
            targetChild.onload = start;
        }

        function start() {
            var windowChild = window.frames[1];

            var x = document.getElementsByTagName('iframe')[1].offsetLeft + 50;
            var y = document.getElementsByTagName('iframe')[1].offsetTop + 50;

            if (window.eventSender) {
                eventSender.mouseMoveTo(x, y);
                eventSender.mouseDown();
                eventSender.mouseUp();
            } else {
                alert("To test you must click the iframe on the right.");
            }

            if (window.testRunner)
                testRunner.notifyDone();
        }
    </script>
</head>
<body>
    <p>This tests that frame used when setting eventListeners on the window using addEventListener is 
       the window's frame. (rdar://problem/5426142).  This test passes if you don't see an alert dialog with
       the domain of "localhost" in it and an "Unsafe JavaScript" warning is logged to the console.</p>
    <iframe id="targetChild" src=""></iframe>
    <iframe src="resources/childWindow.html" onload="onloadForChild();"></iframe>
</body>
</html>