Throw when blocking top-level navigation.

third_party/WebKit/LayoutTests/http/tests/security/sandbox-iframe-blocks-top-navigation.html

+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script>
+    async_test(t => {
+        window.addEventListener("message", t.step_func_done(e => {
+            assert_equals(e.data.name, 'SecurityError', 'Should throw a security error.');
+            assert_equals(e.data.location, 'about:srcdoc', 'Exception is same-origin with the embedee.');
+        }));
+    }, "Sandboxed frames should throw when navigating the top-level window.");
+</script>
+<iframe sandbox="allow-scripts"
+        srcdoc="<script>
+                  try {
+                    top.location = '/security/frameNavigation/resources/fail.html';
+                    top.postMessage('No Exception', '*');
+                  } catch (e) {
+                    top.postMessage({
+                      'name': e.name,
+                      'location': e.constructor.constructor('return location.href')()

[Mike West, 2016/09/28 12:26:13]

Jochen: Does this (and the assertion on #8) address your concern?

+                    }, '*');
+                  }
+                </script>"></iframe>