third_party/blink/web_tests/http/tests/security/sandboxed-iframe-blocks-access-from-parent.html - chromium/src - Git at Google

 <!doctype html>
 <html>
 <head>
     <script>
         if (window.testRunner) {
             testRunner.dumpAsText();
             testRunner.dumpChildFrames();
         }

         function test() {
             var testFrameWindow = window.frames['testframe'];
             try {
                 var location = testFrameWindow.location.href;
             } catch (e) {
                 alert("PASS: Cross-origin access to the Location object threw an exception.");
             }
         }
     </script>
 </head>

 <body>
     <p>Sandboxing a frame puts it into a unique origin by default, which the
     containing document shouldn't have script access to. This test passes if an
     exception is thrown upon the access violation.</p>

     <iframe src="resources/blank.html" name="testframe" sandbox onload="test();"></iframe>
 </body>
 </html>
	<!doctype html>
	<html>
	<head>
	<script>
	if (window.testRunner) {
	testRunner.dumpAsText();
	testRunner.dumpChildFrames();
	}

	function test() {
	var testFrameWindow = window.frames['testframe'];
	try {
	var location = testFrameWindow.location.href;
	} catch (e) {
	alert("PASS: Cross-origin access to the Location object threw an exception.");
	}
	}
	</script>
	</head>

	<body>
	<p>Sandboxing a frame puts it into a unique origin by default, which the
	containing document shouldn't have script access to. This test passes if an
	exception is thrown upon the access violation.</p>

	<iframe src="resources/blank.html" name="testframe" sandbox onload="test();"></iframe>
	</body>
	</html>