[CSP] Fix WPT eval-blocked-in-about-blank-iframe

The test was failing for all vendors since it expected to get a
securitypolicyviolation event in the parent frame instead of the frame
where the eval was blocked.

I rewrote the test in a modern way and deleted the old http blink test
this one had been converted from.

Bug: 651742
Change-Id: Ie8b7ae4842c0934b3c18086a2aee93c8a8ca292a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3059564
Commit-Queue: Antonio Sartori <antoniosartori@chromium.org>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#906671}

third_party/blink/web_tests/TestExpectations

@@ -2036,7 +2036,6 @@ crbug.com/705125 fast/mediacapturefromelement/CanvasCaptureMediaStream-capture-o
 crbug.com/694525 external/wpt/content-security-policy/connect-src/worker-from-guid.sub.html [ Skip ]
 crbug.com/694525 external/wpt/content-security-policy/connect-src/worker-connect-src-blocked.sub.html [ Skip ]
 crbug.com/694525 external/wpt/content-security-policy/navigation/to-javascript-parent-initiated-child-csp.html [ Skip ]
-crbug.com/694525 external/wpt/content-security-policy/unsafe-eval/eval-blocked-in-about-blank-iframe.sub.html [ Skip ]
 
 # These tests will be added back soon:
 crbug.com/706350 external/wpt/html/browsers/browsing-the-web/history-traversal/window-name-after-cross-origin-aux-frame-navigation.sub.html [ Skip ]

third_party/blink/web_tests/external/wpt/content-security-policy/unsafe-eval/eval-blocked-in-about-blank-iframe.html

@@ -0,0 +1,61 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta http-equiv="Content-Security-Policy"
+        content="script-src 'self' 'unsafe-inline';">
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+
+<p>
+  Eval should be blocked in the iframe, but inline script should be allowed.
+</p>
+
+<script>
+  promise_test(async t => {
+    const document_loaded = new Promise(resolve => window.onload = resolve);
+    await document_loaded;
+
+    const eval_error = new Promise(resolve => {
+      window.addEventListener('message', function(e) {
+        assert_not_equals(e.data, 'FAIL', 'eval was executed in the frame');
+        if (e.data === 'PASS')
+          resolve();
+      });
+    });
+    const csp_violation_report = new Promise(resolve => {
+      window.addEventListener('message', function(e) {
+        if (e.data["violated-directive"]) {
+          assert_equals(e.data["violated-directive"], "script-src");
+          resolve();
+        }
+      });
+    });
+
+    frames[0].document.write(`
+      <script>
+        window.addEventListener('securitypolicyviolation', function(e) {
+          parent.postMessage({ 'violated-directive': e.violatedDirective });
+        });
+        try {
+          eval('parent.postMessage(\"FAIL\", \"*\");');
+        } catch (e) {
+          if (e instanceof EvalError)
+            parent.postMessage(\"PASS\", \"*\");
+        }
+      </sc` + `ript>`
+    );
+    frames[0].document.close();
+
+    await eval_error;
+    await csp_violation_report;
+  });
+</script>
+<iframe src="about:blank"></iframe>
+
+</body>
+
+</html>