chromium/third_party/blink/web_tests/http/tests/security/isolatedWorld/bypass-main-world-csp-javascript-urls.html

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self' 'unsafe-eval'">
<script src="resources/javascript-url-bypass.js"></script>
</head>
<body id="body">
    <p>
        This test verifies the behavior of navigations to javascript urls in isolated worlds and its interaction with the isolated world CSP.
    </p>
</body>
</html>