http://web.mit.edu/bzbarsky/www/testcases/security/blob-iframe-document-domain.html has code like the following:

```
<!DOCTYPE html>
<iframe></iframe>
<script>
window.onload = function() {
  var b = new Blob(["something"], { type: "text/html" });
  document.domain = "domain.test";
  var u = URL.createObjectURL(b);
  var i = document.querySelector("iframe");
  i.onload = function() {
    try {
      alert(i.contentDocument.body);
    } catch (e) { alert(e); }
  }
  i.src = u;
}
</script>
```

The blob loaded into the frame ought to be same origin-domain with the page from which it was created. It's not. We should fix that.