chromium/third_party/blink/web_tests/http/tests/security/resources/cross-frame-iframe-for-document-direct-test-victim.html

<script>
    function log(msg)
    {
        document.getElementById("console").appendChild(document.createTextNode(msg + "\n"));
    }

    onload = function()
    {
        parent.postMessage("finishedLoading", "*");
    }

    addEventListener("message", function() {
        if (document.fail) {
            log("FAIL: Cross origin direct document access allowed.");
        } else {
            log("PASS: Cross origin direct document access denied.");
        }

        if (window.testRunner)
            testRunner.notifyDone();
    }, false);
</script>
<pre id="console"></pre>