Codebase Browser
chromium
Go to App

chromium/third_party/blink/web_tests/http/tests/security/xss-DENIED-sandboxed-iframe.html 

<html>
<script>

if (window.testRunner)
    testRunner.dumpAsText();

var docRef = undefined;

window.onload = function()
{
    document.getElementById("console").innerHTML =
        (docRef ? "FAIL: cross-domain script access allowed from sandboxed iframe"
                : "PASS: cross-domain script access disallowed from sandboxed iframe");
}

</script>
<body>

    <p>This test verifies that sandboxed iframe prevents cross-domain
    script access. It will print &quot;PASS&quot; on success.</p>

    <iframe sandbox="allow-scripts"
            src="http://127.0.0.1:8000/security/resources/xss-DENIED-sandboxed-iframe-attacker.html">
    </iframe>
    
    <div id="console">FAIL: Script didn't run</div>
    
</body>
</html>