XSSAuditor bypass with frameset tags.

LayoutTests/http/tests/security/xssAuditor/frameset-injection.html

Index: LayoutTests/http/tests/security/xssAuditor/frameset-injection.html
diff --git a/LayoutTests/http/tests/security/xssAuditor/base-href-scheme-relative.html b/LayoutTests/http/tests/security/xssAuditor/frameset-injection.html
similarity index 69%
copy from LayoutTests/http/tests/security/xssAuditor/base-href-scheme-relative.html
copy to LayoutTests/http/tests/security/xssAuditor/frameset-injection.html
index 8c670214038be57e46697f7c47ac8be42ad20703..6a568b18d9861c24fe176b124617c90383290dbb 100644
--- a/LayoutTests/http/tests/security/xssAuditor/base-href-scheme-relative.html
+++ b/LayoutTests/http/tests/security/xssAuditor/frameset-injection.html
@@ -9,7 +9,7 @@ if (window.testRunner) {
 </script>
 </head>
 <body>
-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-head-base-href.pl?q=<base href='//127.0.0.1:8000/security/xssAuditor/resources/base-href/'>">
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?inHead=1&q=<frameset><frame src='data:text/html,<script>alert(0)</script>'></frameset>">
 </iframe>
 </body>
 </html>