OLD | NEW |
1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
2 <html> | 2 <html> |
3 <head> | 3 <head> |
| 4 <script> |
| 5 if (window.internals) |
| 6 internals.settings.setExperimentalContentSecurityPolicyFeaturesEnabl
ed(false); |
| 7 </script> |
4 <meta http-equiv="Content-Security-Policy-Report-Only" content="script-src '
self' 'unsafe-inline'; report-uri resources/save-report.php?test=eval-allowed-in
-report-only-mode-and-sends-report.html"> | 8 <meta http-equiv="Content-Security-Policy-Report-Only" content="script-src '
self' 'unsafe-inline'; report-uri resources/save-report.php?test=eval-allowed-in
-report-only-mode-and-sends-report.html"> |
5 </head> | 9 </head> |
6 <body> | 10 <body> |
7 <script> | 11 <script> |
8 try { | 12 try { |
9 eval("alert('PASS: eval() allowed!')"); | 13 eval("alert('PASS: eval() allowed!')"); |
10 } catch (e) { | 14 } catch (e) { |
11 console.log('FAIL: eval() blocked!'); | 15 console.log('FAIL: eval() blocked!'); |
12 } | 16 } |
13 </script> | 17 </script> |
14 <script src="resources/go-to-echo-report.js"></script> | 18 <script src="resources/go-to-echo-report.js"></script> |
15 </body> | 19 </body> |
16 </html> | 20 </html> |
OLD | NEW |