chromium/third_party/blink/web_tests/http/tests/security/secureContexts/resources/dynamically-sandbox-and-iframe-https.html

<!DOCTYPE html>
<html>
<head>
    <title>Dynamically apply sandbox and include HTTPS iframe</title>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <script src="/resources/get-host-info.js"></script>
</head>
<body>
</body>
<script>
    window.addEventListener("message", function (e) {
        var meta = document.createElement("meta");
        meta.httpEquiv = "Content-Security-Policy";
        meta.content = "sandbox allow-scripts";
        document.head.appendChild(meta);
        e.source.postMessage("go", "*");
    });

    var i = document.createElement("iframe");
    i.src = get_host_info().HTTPS_REMOTE_ORIGIN + "/security/secureContexts/resources/post-securecontext-status-on-msg.html"
    document.body.appendChild(i);
</script>
</html>