third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/eval-blocked-in-about-blank-iframe.html - chromium/src - Git at Google

 <script>
 if (window.testRunner)
     testRunner.dumpAsText();
 </script>
 <meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline'">
 <iframe src="about:blank"></iframe>
 Eval should be blocked in the iframe, but inline script should be allowed.
 <script>
 window.onload = function() {
     frames[0].document.write("<script>alert(/PASS/); eval('alert(/FAIL/);');<\/script>");
     frames[0].document.close();
 }
 </script>
	<script>
	if (window.testRunner)
	testRunner.dumpAsText();
	</script>
	<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline'">
	<iframe src="about:blank"></iframe>
	Eval should be blocked in the iframe, but inline script should be allowed.
	<script>
	window.onload = function() {
	frames[0].document.write("<script>alert(/PASS/); eval('alert(/FAIL/);');<\/script>");
	frames[0].document.close();
	}
	</script>