This test passes because the injected iframe has an empty src and is harmless.