Throw when blocking top-level navigation.

third_party/WebKit/LayoutTests/http/tests/security/sandbox-iframe-blocks-top-navigation-to-javascript.html

Index: third_party/WebKit/LayoutTests/http/tests/security/sandbox-iframe-blocks-top-navigation-to-javascript.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/sandbox-iframe-blocks-top-navigation-to-javascript.html b/third_party/WebKit/LayoutTests/http/tests/security/sandbox-iframe-blocks-top-navigation-to-javascript.html
new file mode 100644
index 0000000000000000000000000000000000000000..7b534f5f02953cf5cfc6f5db932eaf3f28d8bea7
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/sandbox-iframe-blocks-top-navigation-to-javascript.html
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+<script>
+    async_test(t => {
+        var i = document.createElement('iframe');
+        i.sandbox = "allow-scripts allow-same-origin allow-modals";
+        i.srcdoc = "<script>" +
+                   "  window.onerror = (m,f,l,c,e) => { top.postMessage(e.name, '*'); }" +
+                   "</scr" + "ipt>" +
+                   "<a href='javascript:top.location=\"/security/frameNavigation/resources/fail.html\";'>click</a>";
+
+        window.onmessage = t.step_func_done(e => {
+            assert_equals(e.data, "SecurityError", "The 'javascript:' navigation threw.");
+            assert_equals(i.contentDocument.body.innerText, "click", "The page contents did not change.");
+        });
+
+        var clicked = false;
+        i.onload = t.step_func(e => {
+            i.contentDocument.querySelector('a').click();
+            clicked = true;
+        });
+
+        document.body.appendChild(i);
+    }, "Sandboxed frames should throw when navigating the top-level window.");
+</script>
+</body>