LayoutTests/fast/frames/sandboxed-iframe-scripting-04.html - WebKit - Git at Google

 <!DOCTYPE html>
 <html>
 <head>
     <script src="../../resources/js-test-pre.js"></script>
     <script>
         window.jsTestIsAsync = true;

         var allowedExecuted = 0;
         var disallowedExecuted = 0;
         window.addEventListener('message', function () {
           disallowedExecuted++;

           finish();
         });

         function finish() {
             shouldBe("disallowedExecuted", "0");
             shouldBe("allowedExecuted", "0");

             finishJSTest();
         };
     </script>
     <script src="../../resources/js-test-post.js"></script>
 </head>
 <body>
     <iframe sandbox="allow-same-origin"
             onload="finish()"
             src="data:text/html,<script>alert('FAIL: Executed script without allow-scripts in data URL');window.parent.postMessage({'fail': true}, '*');</script>">
     </iframe>
     <script>
         description("Verify that sandboxed frames without sandbox='allow-scripts' cannot execute script from data: URLs.");
     </script>
 </body>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<script src="../../resources/js-test-pre.js"></script>
	<script>
	window.jsTestIsAsync = true;

	var allowedExecuted = 0;
	var disallowedExecuted = 0;
	window.addEventListener('message', function () {
	disallowedExecuted++;

	finish();
	});

	function finish() {
	shouldBe("disallowedExecuted", "0");
	shouldBe("allowedExecuted", "0");

	finishJSTest();
	};
	</script>
	<script src="../../resources/js-test-post.js"></script>
	</head>
	<body>
	<iframe sandbox="allow-same-origin"
	onload="finish()"
	src="data:text/html,<script>alert('FAIL: Executed script without allow-scripts in data URL');window.parent.postMessage({'fail': true}, '*');</script>">
	</iframe>
	<script>
	description("Verify that sandboxed frames without sandbox='allow-scripts' cannot execute script from data: URLs.");
	</script>
	</body>
	</html>