<html>
<head>
  <meta charset="utf-8">
  <meta http-equiv="Content-Security-Policy" content="child-src https://example.com">";
</head>
<body>
<iframe id="testframe"></iframe>
<script type="text/javascript" src="file_frame_src.js"></script>
</body>
</html>