<html>
<body>
<H1>Evil IFrame</H1>
<div id="evilDiv">
This frame is loaded over insecure HTTPS.
</div>
<script>
if(window.location.search.indexOf("open_popup") != -1) {
// Popup name must be empty so that this always opens a new popup window.
window.open("about:blank", "", "toolbar=0");
}
</script>
</body>
</html>