<!DOCTYPE html>
<!--
  Web test: checks that an iframe nested inside an about:blank iframe is
  governed by this document's Content-Security-Policy when its inline onload
  handler calls eval().
  The policy allows inline script ('unsafe-inline') but does not list
  'unsafe-eval', so eval() should be refused in any document that inherits it.
  NOTE(review): the expected-output file is not visible here; presumably the
  pass condition is a CSP violation report and no alert. Confirm against the
  expectation file.
-->
<head>
<!-- Policy under test: inline handlers are allowed, string evaluation is not. -->
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'">
</head>
<p>Tests that nested about:blank iframes that try to eval on load inherit the parent's CSP</p>
<body>
<!-- Outer about:blank frame; the script reaches it through its id, x. -->
<iframe id=x src=about:blank></iframe>
<script>
// testRunner is not defined in this file; presumably it is supplied by the
// test harness. Keep the test open until notifyDone() and request text output.
testRunner.waitUntilDone();
testRunner.dumpAsText();
// Runs when the outer frame finishes the load triggered by reload() below.
x.onload=_=> {
// Inject a second iframe (no src) whose inline onload attribute calls eval.
// The inline handler itself is allowed by 'unsafe-inline'; the eval inside it
// is what the inherited policy is expected to block. "<\/" is an escaped "/".
x.contentDocument.body.innerHTML= "<iframe onload='eval(`alert(1)`)'><\/iframe>";
// NOTE(review): this assumes the injected frame's onload has already run by
// the time the test is marked done; confirm.
testRunner.notifyDone();
}
// Reload the outer frame so that the handler assigned above fires; presumably
// the initial about:blank load has already completed by this point.
x.contentWindow.location.reload();
</script>
</body>