<html>
<head>
<script>

window.addEventListener("message", onMessageReceived, false);

function postMsg(msg)
{
  parent.postMessage(msg, "http://mochi.test:8888");
}

function onMessageReceived(event)
{
  if (event.data == "check") {
    postMsg(sessionStorage.getItem("foo"));

    var gotValue = "threw";
    try {
      gotValue = sessionStorage.getItem("foo-https");
    } catch (e) {
    }

    postMsg(gotValue);

    postMsg("the end");
  }
}

function start()
{
  sessionStorage.setItem("foo", "insecure");
  postMsg(sessionStorage.getItem("foo"));
}

</script>
</head>
<body onload="start();">
insecure
</body>
</html>