Iframe Origin Sign tests if a signature request initiated within a nested Iframe in a Dapp is correctly handled by the wallet. If the wallet does not correctly handle the Origin, it may lead to phishing attacks.
Click the "Enable Ethereum" button on the page to connect the wallet, then click "selfdestruct send ETH" to record the current wallet's displayed Origin.
In the nested Iframe page, find the "Connect Actions" card and click the "CONNECT" button to connect the wallet.
Then, perform other signature operations within the Iframe, such as clicking the "REQUEST PERMISSIONS" button in the "Permissions Actions" card. Observe if the Origin is correctly displayed as "https://metamask.github.io". If not, there is a vulnerability.
The wallet should correctly display the Origin of signature requests initiated by an Iframe.