This test loads a secure iframe that loads an insecure script. We should trigger a mixed content callback even though the main frame is HTTP because the HTTPS frame's origin is contaminated with an insecure script.