third_party/WebKit/LayoutTests/http/tests/security/cross-origin-access-over-property-descriptor.html - chromium/src - Git at Google

 <!DOCTYPE html>
 <html>
 <head>
 <script src="/js-test-resources/js-test.js"></script>
 </head>
 <body>
 <iframe id="cross-origin-frame" src="http://localhost:8000/resources/dummy.html"></iframe>
 <script>
 description("Cross-origin access through 'get' and 'set' in a property descriptor should throw a SecurityError.");

 window.jsTestIsAsync = true;

 var targetFrame = window['cross-origin-frame'];
 shouldBeNonNull(targetFrame);
 var targetWindow = targetFrame.contentWindow;
 shouldBeNonNull(targetWindow);

 var pathnameDescriptor = Object.getOwnPropertyDescriptor(location, "pathname");
 shouldBeNonNull("pathnameDescriptor");
 shouldBe("typeof pathnameDescriptor.get", '"function"');
 shouldBe("typeof pathnameDescriptor.set", '"function"');

 var devicePixelRatioDescriptor = Object.getOwnPropertyDescriptor(window, "devicePixelRatio");
 shouldBeNonNull("devicePixelRatio");
 shouldBe("typeof devicePixelRatioDescriptor.get", '"function"');
 shouldBe("typeof devicePixelRatioDescriptor.set", '"function"');

 targetFrame.onload = function() {
   shouldThrow("pathnameDescriptor.get.call(targetWindow.location)", '"SecurityError: Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
   shouldThrow("pathnameDescriptor.set.call(targetWindow.location, 1)", '"SecurityError: Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');

   shouldThrow("devicePixelRatioDescriptor.get.call(targetWindow)", '"SecurityError: Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
   shouldThrow("devicePixelRatioDescriptor.set.call(targetWindow, 1)", '"SecurityError: Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');

   finishJSTest();
 };
 </script>
 </body>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<script src="/js-test-resources/js-test.js"></script>
	</head>
	<body>
	<iframe id="cross-origin-frame" src="http://localhost:8000/resources/dummy.html"></iframe>
	<script>
	description("Cross-origin access through 'get' and 'set' in a property descriptor should throw a SecurityError.");

	window.jsTestIsAsync = true;

	var targetFrame = window['cross-origin-frame'];
	shouldBeNonNull(targetFrame);
	var targetWindow = targetFrame.contentWindow;
	shouldBeNonNull(targetWindow);

	var pathnameDescriptor = Object.getOwnPropertyDescriptor(location, "pathname");
	shouldBeNonNull("pathnameDescriptor");
	shouldBe("typeof pathnameDescriptor.get", '"function"');
	shouldBe("typeof pathnameDescriptor.set", '"function"');

	var devicePixelRatioDescriptor = Object.getOwnPropertyDescriptor(window, "devicePixelRatio");
	shouldBeNonNull("devicePixelRatio");
	shouldBe("typeof devicePixelRatioDescriptor.get", '"function"');
	shouldBe("typeof devicePixelRatioDescriptor.set", '"function"');

	targetFrame.onload = function() {
	shouldThrow("pathnameDescriptor.get.call(targetWindow.location)", '"SecurityError: Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("pathnameDescriptor.set.call(targetWindow.location, 1)", '"SecurityError: Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');

	shouldThrow("devicePixelRatioDescriptor.get.call(targetWindow)", '"SecurityError: Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');
	shouldThrow("devicePixelRatioDescriptor.set.call(targetWindow, 1)", '"SecurityError: Blocked a frame with origin \\"http://127.0.0.1:8000\\" from accessing a cross-origin frame."');

	finishJSTest();
	};
	</script>
	</body>
	</html>