<html>
<head>
<script>
var success = false;

function OnLoad() {
  try {
    var request = new XMLHttpRequest();
    request.open("GET", "file:///c:/foo.txt", false);
    request.send(null);
  } catch (e) {
    success = true;
  }
  document.getElementById("console").appendChild(
      document.createTextNode(success ? "SUCCESS" : "FAILURE"));
}

function DidSucceed() {
  return success;
}

</script>
</head>
<body onload="OnLoad();">
This page sends a synchronous XMLHttpRequest to fetch a local file, which
should not be allowed.
<div id="console"></div>
</body>
</html>