I am a top-level page sandboxed with "allow-scripts allow-forms allow-same-origin".