PaymentRequest should throw if not in top context.

third_party/WebKit/LayoutTests/payments/payment-request-in-iframe.html

Index: third_party/WebKit/LayoutTests/payments/payment-request-in-iframe.html
diff --git a/third_party/WebKit/LayoutTests/payments/payment-request-in-iframe.html b/third_party/WebKit/LayoutTests/payments/payment-request-in-iframe.html
new file mode 100644
index 0000000000000000000000000000000000000000..297db49d8a478b54174d8b9bbb3d054a45dbc638
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/payments/payment-request-in-iframe.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Test for PaymentRequest in an iframe</title>
+<script src="../resources/testharness.js"></script>
+<script src="../resources/testharnessreport.js"></script>
+<iframe sandbox="allow-scripts allow-same-origin" style="width: 0px; height: 0px; margin: 0px; padding: 0px; border: 0px;" srcdoc="

[Marijn Kruisselbrink, 2016/06/01 00:19:25]

Why the sandbox? A non-sandboxed iframe should currently throw as well for this,
right? Also the width/height/margin/padding/border don't seem like they're
actually relevant to this test?

[please use gerrit instead, 2016/06/01 00:42:29]

Removed the extra bits. It still works without them.

+<!DOCTYPE html>
+<meta charset='utf-8'>
+<script>
+window.top.test(function() {
+    window.top.assert_throws({name: 'SecurityError'}, function() {
+        new PaymentRequest(['foo'], {items: [{id: 'id', label: 'label', amount: {currency: 'USD', value: '5.00'}}]});
+    }, 'If the browsing context of the script calling the constructor is not a top-level browsing context, then throw a SecurityError.');
+});
+</script>
+"></iframe>