src/third_party/WebKit/LayoutTests/http/tests/security/javascriptURL/resources/foreign-domain-javascript-url-accessor-opened-frame.html

   1 <html>
   2 <body>
   3     <p>Frame on a foreign domain (opened using window.open).</p>
   4     <iframe name='aFrame' id="aFrame"></iframe>
   5     <script>
   6         var url = "javascript:\"<html>"
   7             + "<head>"
   8             +     "<scr" + "ipt>"
   9             +         "window.onload = function()"
  10             +         "{"
  11             +             "try {"
  12             +                 "parent.opener.document.getElementById('accessMe').innerHTML = 'FAIL: Cross frame access from a javascript: URL on a different domain was allowed';"
  13             +             "} catch(e) {"
  14             +             "}"
  15             +             "parent.opener.postMessage('done', '*');"
  16             +         "}"
  17             +     "</scr" + "ipt>"
  18             + "</head>"
  19             + "<body>"
  20             +     "<p>Inner-inner iframe. This iframe (which is javascript: URL and whose parent is on a foreign domain) is the frame attempting to access"
  21             +     " the main frame.  It should not have access to it.</p>"
  22             + "</body>"
  23             + "</html>\"";
  24
  25         var frame = document.getElementById('aFrame');
  26         frame.src = url;
  27     </script>
  28 </body>
  29 </html>