<!doctype html>
<html>
<head>
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.dumpChildFrames();
}
function test() {
var testFrameWindow = window.frames['testframe'];
try {
var location = testFrameWindow.location.href;
} catch (e) {
alert("PASS: Cross-origin access to the Location object threw an exception.");
}
}
</script>
</head>
<body>
<p>Sandboxing a frame puts it into a unique origin by default, which the
containing document shouldn't have script access to. This test passes if an
exception is thrown upon the access violation.</p>
<iframe src="resources/blank.html" name="testframe" sandbox onload="test();"></iframe>
</body>
</html>
Codebase Browser
chromium