| <!doctype html> |
| <html> |
| <head> |
| <script> |
| if (window.testRunner) { |
| testRunner.dumpAsText(); |
| testRunner.dumpChildFrames(); |
| } |
| |
| function test() { |
| var testFrameWindow = window.frames['testframe']; |
| try { |
| var location = testFrameWindow.location.href; |
| } catch (e) { |
| alert("PASS: Cross-origin access to the Location object threw an exception."); |
| } |
| } |
| </script> |
| </head> |
| |
| <body> |
| <p>Sandboxing a frame puts it into a unique origin by default, which the |
| containing document shouldn't have script access to. This test passes if an |
| exception is thrown upon the access violation.</p> |
| |
| <iframe src="resources/blank.html" name="testframe" sandbox onload="test();"></iframe> |
| </body> |
| </html> |