LayoutTests/http/tests/security/xss-DENIED-invalid-domain-change.html - WebKit - Git at Google

 <html>
 <body>
 <iframe name='aFrame' src='http://localhost:8000/security/resources/iframe-invalid-domain-change.html'></iframe>

 <div id="console"></div>
 </body>
 <script>
 if (window.testRunner) {
     testRunner.dumpAsText();
     testRunner.waitUntilDone();
 }

 try {
   // change own domain to an invalid one
   document.domain = 'apple.com';
 } catch (e) {
   console.log(e);
 }

 window.onload = cross_frame_access;

 function cross_frame_access() {
   var aframe = window.frames[0];
   try {
     if (typeof aframe.document == 'undefined') throw 1;
     document.getElementById("console").innerHTML = "FAIL: cross-site access allowed";
   } catch (e) {
     document.getElementById("console").innerHTML = "PASS: cross-site not access allowed";
   }

   if (window.testRunner)
     testRunner.notifyDone();
 }
 </script>
 </html>
	<html>
	<body>
	<iframe name='aFrame' src='http://localhost:8000/security/resources/iframe-invalid-domain-change.html'></iframe>

	<div id="console"></div>
	</body>
	<script>
	if (window.testRunner) {
	testRunner.dumpAsText();
	testRunner.waitUntilDone();
	}

	try {
	// change own domain to an invalid one
	document.domain = 'apple.com';
	} catch (e) {
	console.log(e);
	}

	window.onload = cross_frame_access;

	function cross_frame_access() {
	var aframe = window.frames[0];
	try {
	if (typeof aframe.document == 'undefined') throw 1;
	document.getElementById("console").innerHTML = "FAIL: cross-site access allowed";
	} catch (e) {
	document.getElementById("console").innerHTML = "PASS: cross-site not access allowed";
	}

	if (window.testRunner)
	testRunner.notifyDone();
	}
	</script>
	</html>