third_party/WebKit/LayoutTests/http/tests/security/cross-origin-access-over-property-descriptor.html

<!DOCTYPE html>
<html>
<head>
<script src="/js-test-resources/js-test.js"></script>
</head>
<body>
<script>
description("Cross-origin access to 'window.location.pathname' over 'get' and 'set' in property descriptor should throw a SecurityError.");

window.jsTestIsAsync = true;
window.testRunner.setCanOpenWindows(true);

var targetWindow = window.open("http://localhost:8080/");

var pathnameDescriptor = Object.getOwnPropertyDescriptor(Location.prototype, "pathname");
shouldBeNonNull("pathnameDescriptor");
shouldBe("typeof pathnameDescriptor.get", '"function"');
shouldBe("typeof pathnameDescriptor.set", '"function"');

var count = 0;
var timerId = window.setInterval(function() {
    if (++count > 10) {
        window.clearInterval(timerId);
        finishJSTest();
        return;
    }
    if (targetWindow) {
        shouldThrow("pathnameDescriptor.get.call(targetWindow.location)", '"SecurityError: Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
        shouldThrow("pathnameDescriptor.set.call(targetWindow.location, 1)", '"SecurityError: Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
        window.clearInterval(timerId);
        finishJSTest();
    }
}, 1000);
</script>
</body>
</html>