CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-window-open.html from frame with URL data:text/html,%3Chtml%3E%3Chead%3E%3Cscript%3Ewindow.onload%20=%20function(){try%20{parent.opener.document.getElementById('accessMe').innerHTML%20=%20'FAIL:%20Cross%20frame%20access%20from%20a%20data:%20URL%20on%20a%20different%20domain%20was%20allowed';alert('FAIL:%20No%20exception%20thrown.');}%20catch%20(e)%20{alert('PASS:%20Exception%20thrown%20successfully.');}if%20(window.layoutTestController)layoutTestController.globalFlag%20=%20true;}%3C/script%3E%3C/head%3E%3Cbody%3E%3Cp%3EInner-inner%20iframe.%20This%20iframe%20(which%20is%20data:%20URL%20and%20whose%20parent%20is%20on%20a%20foreign%20domain)%20is%20the%20frame%20attempting%20to%20access%20the%20main%20frame.%20%20It%20should%20not%20have%20access%20to%20it.%3C/p%3E%3C/body%3E%3C/html%3E. Domains, protocols and ports must match.

ALERT: PASS: Exception thrown successfully.
Opener Frame

Pass: Cross frame access from a data: URL on a different domain was denied.
