chromium/src/third_party/blink/web_tests/http/tests/security/secureContexts/resources/dynamically-sandbox-and-iframe-https.html - manifest_repos/chromium_src - Git at Google

 <!DOCTYPE html>
 <html>
 <head>
     <title>Dynamically apply sandbox and include HTTPS iframe</title>
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/resources/get-host-info.js"></script>
 </head>
 <body>
 </body>
 <script>
     window.addEventListener("message", function (e) {
         var meta = document.createElement("meta");
         meta.httpEquiv = "Content-Security-Policy";
         meta.content = "sandbox allow-scripts";
         document.head.appendChild(meta);
         e.source.postMessage("go", "*");
     });

     var i = document.createElement("iframe");
     i.src = get_host_info().HTTPS_REMOTE_ORIGIN + "/security/secureContexts/resources/post-securecontext-status-on-msg.html"
     document.body.appendChild(i);
 </script>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<title>Dynamically apply sandbox and include HTTPS iframe</title>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script src="/resources/get-host-info.js"></script>
	</head>
	<body>
	</body>
	<script>
	window.addEventListener("message", function (e) {
	var meta = document.createElement("meta");
	meta.httpEquiv = "Content-Security-Policy";
	meta.content = "sandbox allow-scripts";
	document.head.appendChild(meta);
	e.source.postMessage("go", "*");
	});

	var i = document.createElement("iframe");
	i.src = get_host_info().HTTPS_REMOTE_ORIGIN + "/security/secureContexts/resources/post-securecontext-status-on-msg.html"
	document.body.appendChild(i);
	</script>
	</html>