insecure-script-in-data-iframe-in-main-frame-blocked.html

<html>
<body>
<script>
if (window.testRunner) {
    testRunner.waitUntilDone();
    testRunner.dumpAsText();
    testRunner.setPopupBlockingEnabled(false);
    testRunner.overridePreference("WebKitAllowRunningInsecureContent", false);
}

window.addEventListener("message", function (e) {
  if (window.testRunner)
      testRunner.notifyDone();
}, false);

</script>
<p>This test opens a window that loads a data: iframe that loads an
insecure script, and that the script is still blocked. Although the
data: frame has a separate origin, the script can still navigate top.
</p>
<script>
window.open("https://127.0.0.1:8443/security/mixedContent/resources/frame-with-data-url-frame-with-script.html");
</script>
</body>
</html>

chromium/third_party/blink/web_tests/http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked.html