chrome/test/data/ssl/bad_iframe.html - chromium/src - Git at Google

 <html>
 <body>
 <H1>Evil IFrame</H1>
 <div id="evilDiv">
 This frame is loaded over insecure HTTPS.
 </div>
 <script>
 if(window.location.search.indexOf("open_popup") != -1) {
   // Popup name must be empty so that this always opens a new popup window.
   window.open("about:blank", "", "toolbar=0");
 }
 </script>
 </body>
 </html>
	<html>
	<body>
	<H1>Evil IFrame</H1>
	<div id="evilDiv">
	This frame is loaded over insecure HTTPS.
	</div>
	<script>
	if(window.location.search.indexOf("open_popup") != -1) {
	// Popup name must be empty so that this always opens a new popup window.
	window.open("about:blank", "", "toolbar=0");
	}
	</script>
	</body>
	</html>