Inside of a sandboxed iframe, another frame with an "about:srcdoc" or "about:blank" src URL should be considered same-origin.
Chrome doesn't do this currently (likely because opaque origins are not considered to be same-origin with themselves).
I expect that adding a unique nonce to opaque origins should go a long way towards fixing this (see https://crbug.com/712213) but adding this behavior as a separate bug for tracking purposes.
Quoth mkwst:
> https://html.spec.whatwg.org/#same-origin says that two origins are "same origin" and "same origin-domain" if they're the same opaque origin.
>
> https://html.spec.whatwg.org/#origin:document-2 says that the origin of an iframe srcdoc document is the origin of its ~parent, and the origin of an `about:blank` document is similar.
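
A simplified model of the comparison described in this report, added here as an illustration and not taken from Chromium or the HTML spec. Opaque origins carry a nonce, and `about:srcdoc` / `about:blank` children take the parent's origin as the quoted text says; all function names and the counter-based nonce are assumptions of this model.

```javascript
// Added illustration: a simplified model, not Chromium or spec code.
// A counter stands in for the unique nonce (assumption of this model).
let nextNonce = 0;

// Tuple origin: scheme/host/port. Opaque origin: no tuple, only a nonce
// that gives it an identity (the nonce idea referenced via crbug.com/712213).
const tupleOrigin = (scheme, host, port) => ({ opaque: false, scheme, host, port });
const newOpaqueOrigin = () => ({ opaque: true, nonce: ++nextNonce });

// "Same origin" as quoted from the spec: opaque origins match only when they
// are the same opaque origin; tuple origins match on scheme, host and port.
function sameOrigin(a, b) {
  if (a.opaque || b.opaque) return a.opaque && b.opaque && a.nonce === b.nonce;
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Behaviour the report suspects: an opaque origin never matches, itself included.
function sameOriginWithoutIdentity(a, b) {
  if (a.opaque || b.opaque) return false;
  return sameOrigin(a, b);
}

// Origin of a child document per the quoted text: about:srcdoc and
// about:blank take the parent's origin. Other URLs are outside this model.
function childOrigin(parentOrigin, url) {
  if (url === "about:srcdoc" || url === "about:blank") return parentOrigin;
  throw new Error("URL not covered by this model: " + url);
}

// Constructed scenario: a sandboxed iframe (opaque origin) with nested frames.
function scenario() {
  const sandboxed = newOpaqueOrigin();
  const srcdocChild = childOrigin(sandboxed, "about:srcdoc");
  const blankChild = childOrigin(sandboxed, "about:blank");
  const otherSandbox = newOpaqueOrigin();
  // The copy simulates the origin being serialized: the nonce survives.
  const copied = JSON.parse(JSON.stringify(srcdocChild));
  const site = tupleOrigin("https", "example.test", 443);
  return {
    srcdocSame: sameOrigin(sandboxed, srcdocChild),
    blankSame: sameOrigin(sandboxed, blankChild),
    copySame: sameOrigin(sandboxed, copied),
    unrelatedSame: sameOrigin(sandboxed, otherSandbox),
    opaqueVsTuple: sameOrigin(sandboxed, site),
    withoutIdentitySelf: sameOriginWithoutIdentity(sandboxed, sandboxed),
  };
}

console.log(scenario());
```
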
Comment 1 by dcheng@chromium.org, Apr 9 2018