chromium/third_party/blink/web_tests/http/tests/security/resources/xss-DENIED-sandboxed-iframe-attacker.html

<html>
<head>
<script>
    top.docRef = parent.document;  // access parent's DOM tree: should not be allowed
</script>
</head>
</html>