Codebase Browser
chromium
Go to App

chromium/third_party/blink/web_tests/http/tests/security/xss-DENIED-invalid-domain-change.html 

<html>
<body>
<iframe name='aFrame' src='http://localhost:8000/security/resources/iframe-invalid-domain-change.html'></iframe>

<div id="console"></div>
</body>
<script>
if (window.testRunner) {
    testRunner.dumpAsText();
    testRunner.waitUntilDone();
}

try {
  // change own domain to an invalid one
  document.domain = 'apple.com';
} catch (e) {
}

window.onload = cross_frame_access;

function cross_frame_access() {
  var aframe = window.frames[0];
  try {
    if (typeof aframe.document == 'undefined') throw 1;
    document.getElementById("console").innerHTML = "FAIL: cross-site access allowed";
  } catch (e) {
    document.getElementById("console").innerHTML = "PASS: cross-site not access allowed";
  }

  if (window.testRunner)
    testRunner.notifyDone();
}
</script>
</html>