| <html> |
| <head> |
| <script> |
| |
| frame = window.top.document.getElementById('frame'); |
| |
| // Setting the sandbox flag at runtime should not change whether scripts |
| // are allowed in this document. |
| |
| frame.sandbox = 'allow-same-origin'; // NO allow-scripts |
| |
| ++window.top.allowedExecuted; |
| |
| // This means that new scripts (such as the onload handler below) should |
| // continue to execute, even though the frame now has a sandbox attribute. |
| |
| function onload_hook() |
| { |
| ++window.top.allowedExecuted; |
| }; |
| |
| </script> |
| </head> |
| |
| <body onload='onload_hook();'></body> |
| </html> |
