LayoutTests/http/tests/security/javascriptURL/resources/foreign-domain-javascript-url-accessee-iframe.html - WebKit - Git at Google

 <html>
 <body>
     <p>Inner iframe on a foreign domain.</p>
     <iframe id="aFrame" name="aFrame"></iframe>
     <script>
         var url = "javascript:\"<html>"
             + "<head>"
             +     "<scr" + "ipt>"
             +         "window.onload = function()"
             +         "{"
             +             "if (window.testRunner)"
             +                 "testRunner.globalFlag = true;"
             +         "}"
             +     "</scr" + "ipt>"
             + "</head>"
             + "<body>"
             +     "<p id='accessMe'>PASS: Cross frame access from a frame on a foreign domain denied!</p>"
             +     "<p>Inner-inner iframe. This iframe (which is javascript: URL and whose parent is on a foreign domain) is the frame that the"
             +     " main frame is trying to access.  It should not have access to it.</p>"
             + "</body>"
             + "</html>\"";

         var frame = document.getElementById('aFrame');
         frame.src = url;
     </script>
 </body>
 </html>
	<html>
	<body>
	<p>Inner iframe on a foreign domain.</p>
	<iframe id="aFrame" name="aFrame"></iframe>
	<script>
	var url = "javascript:\"<html>"
	+ "<head>"
	+ "<scr" + "ipt>"
	+ "window.onload = function()"
	+ "{"
	+ "if (window.testRunner)"
	+ "testRunner.globalFlag = true;"
	+ "}"
	+ "</scr" + "ipt>"
	+ "</head>"
	+ "<body>"
	+ "<p id='accessMe'>PASS: Cross frame access from a frame on a foreign domain denied!</p>"
	+ "<p>Inner-inner iframe. This iframe (which is javascript: URL and whose parent is on a foreign domain) is the frame that the"
	+ " main frame is trying to access. It should not have access to it.</p>"
	+ "</body>"
	+ "</html>\"";

	var frame = document.getElementById('aFrame');
	frame.src = url;
	</script>
	</body>
	</html>