LayoutTests/http/tests/security/javascriptURL/xss-ALLOWED-to-javascript-url-from-javscript-url.html - WebKit - Git at Google

 <html>
 <body>
     <p>This tests that a javascript: URL loaded in an iframe inside another javascript: URL loaded iframe has access to it's parent, the
         first javascript: URL loaded iframe.</p>
     <iframe id="aFrame" name="aFrame" style="width: 500px; height: 300px;"></iframe>
     <script>
         if (window.testRunner) {
             testRunner.dumpAsText();
             testRunner.dumpChildFramesAsText();
             testRunner.waitUntilDone();
         }

         var innerURL = 'javascript:\\\"<html>'
             + "<head>"
             +     "<scr" + "ipt>"
             +         'parent.document.getElementById(\\\\\\\"accessMe\\\\\\\").innerHTML = \\\\\\\"PASS: Cross frame access from a javascript: URL was allowed!\\\\\\\";'
             +     "</scri" + "pt>"
             + "</head>"
             + "<body>"
             +     "<p>Inner-inner iframe.</p>"
             + "</body>"
             + '</html>\\\"';

         var url = "javascript:\"<html>"
             + "<body>"
             +     "<p id='accessMe'>FAIL: Cross frame access from a javascript: URL was denied.</p>"
             +     "<iframe src='" + innerURL + "'></iframe>"
             +     "<p>Inner iframe.</p>"
             + "</body>"
             + "</html>\"";

         var iframe = document.getElementById("aFrame");
         iframe.src = url;

         onload = () => {
             setTimeout(() => {
                 if (window.testRunner)
                     testRunner.notifyDone();
             }, 0);
         };
     </script>
 </body>
 </html>
	<html>
	<body>
	<p>This tests that a javascript: URL loaded in an iframe inside another javascript: URL loaded iframe has access to it's parent, the
	first javascript: URL loaded iframe.</p>
	<iframe id="aFrame" name="aFrame" style="width: 500px; height: 300px;"></iframe>
	<script>
	if (window.testRunner) {
	testRunner.dumpAsText();
	testRunner.dumpChildFramesAsText();
	testRunner.waitUntilDone();
	}

	var innerURL = 'javascript:\\\"<html>'
	+ "<head>"
	+ "<scr" + "ipt>"
	+ 'parent.document.getElementById(\\\\\\\"accessMe\\\\\\\").innerHTML = \\\\\\\"PASS: Cross frame access from a javascript: URL was allowed!\\\\\\\";'
	+ "</scri" + "pt>"
	+ "</head>"
	+ "<body>"
	+ "<p>Inner-inner iframe.</p>"
	+ "</body>"
	+ '</html>\\\"';

	var url = "javascript:\"<html>"
	+ "<body>"
	+ "<p id='accessMe'>FAIL: Cross frame access from a javascript: URL was denied.</p>"
	+ "<iframe src='" + innerURL + "'></iframe>"
	+ "<p>Inner iframe.</p>"
	+ "</body>"
	+ "</html>\"";

	var iframe = document.getElementById("aFrame");
	iframe.src = url;

	onload = () => {
	setTimeout(() => {
	if (window.testRunner)
	testRunner.notifyDone();
	}, 0);
	};
	</script>
	</body>
	</html>