http/tests/security/resources/sandboxed-iframe-modify-self.html - external/WebKit_LayoutTests - Git at Google

 <html>
 <head>
 <script>

 // this assignment should have no effect on sandbox status
 self.sandbox = 'allow-scripts allow-same-origin hacked-via-window-object';

 // this should be prevented by the sandbox 'origin' flag
 if (top.document)
     top.document.getElementById('f').sandbox = 'allow-scripts allow-same-origin hacked-via-dom';

 </script>
 </head>
 </html>
	<html>
	<head>
	<script>

	// this assignment should have no effect on sandbox status
	self.sandbox = 'allow-scripts allow-same-origin hacked-via-window-object';

	// this should be prevented by the sandbox 'origin' flag
	if (top.document)
	top.document.getElementById('f').sandbox = 'allow-scripts allow-same-origin hacked-via-dom';

	</script>
	</head>
	</html>