| OLD | NEW |
|---|
| 1 CONSOLE MESSAGE: line 27: Injecting in main world: this should fail. | 1 CONSOLE MESSAGE: line 33: Injecting in main world: this should fail. |
| 2 CONSOLE ERROR: Refused to execute inline script because it violates the followin
g Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either t
he 'unsafe-inline' keyword, a hash ('sha256-09Et/dqtUwF1zPoVDKo5ZDj2NUXqkLUxcQfh
9UtQQt0='), or a nonce ('nonce-...') is required to enable inline execution. | 2 CONSOLE ERROR: Refused to execute inline script because it violates the followin
g Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either t
he 'unsafe-inline' keyword, a hash ('sha256-09Et/dqtUwF1zPoVDKo5ZDj2NUXqkLUxcQfh
9UtQQt0='), or a nonce ('nonce-...') is required to enable inline execution. |
| 3 | 3 |
| 4 CONSOLE MESSAGE: line 31: Injecting into isolated world without bypass: this sho
uld fail. | 4 CONSOLE MESSAGE: line 38: Injecting into isolated world without bypass: this sho
uld fail. |
| 5 CONSOLE ERROR: Refused to execute inline script because it violates the followin
g Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either t
he 'unsafe-inline' keyword, a hash ('sha256-weyW8ZEkQAD8it2iIcRJESCAdVG/APiGxF6J
YEqMvKo='), or a nonce ('nonce-...') is required to enable inline execution. | 5 CONSOLE ERROR: Refused to execute inline script because it violates the followin
g Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either t
he 'unsafe-inline' keyword, a hash ('sha256-weyW8ZEkQAD8it2iIcRJESCAdVG/APiGxF6J
YEqMvKo='), or a nonce ('nonce-...') is required to enable inline execution. |
| 6 | 6 |
| 7 CONSOLE MESSAGE: line 35: Starting to bypass main world's CSP: this should pass! | 7 CONSOLE MESSAGE: line 43: Starting to bypass main world's CSP: this should pass! |
| 8 CONSOLE MESSAGE: line 1: EXECUTED in isolated world. | 8 CONSOLE MESSAGE: line 1: EXECUTED in isolated world. |
| 9 CONSOLE MESSAGE: line 40: Injecting into main world again: this should fail. | 9 CONSOLE MESSAGE: line 49: Injecting into main world again: this should fail. |
| 10 CONSOLE ERROR: Refused to execute inline script because it violates the followin
g Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either t
he 'unsafe-inline' keyword, a hash ('sha256-09Et/dqtUwF1zPoVDKo5ZDj2NUXqkLUxcQfh
9UtQQt0='), or a nonce ('nonce-...') is required to enable inline execution. | 10 CONSOLE ERROR: Refused to execute inline script because it violates the followin
g Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either t
he 'unsafe-inline' keyword, a hash ('sha256-09Et/dqtUwF1zPoVDKo5ZDj2NUXqkLUxcQfh
9UtQQt0='), or a nonce ('nonce-...') is required to enable inline execution. |
| 11 | 11 |
| 12 This test ensures that scripts run in isolated worlds marked with their own Cont
ent Security Policy aren't affected by the page's content security policy. Exten
sions, for example, should be able to inject inline JavaScript (even though it's
probably a bad idea to do so). | 12 This test ensures that scripts run in isolated worlds marked with their own Cont
ent Security Policy aren't affected by the page's content security policy. Exten
sions, for example, should be able to inject inline JavaScript (even though it's
probably a bad idea to do so). |
| 13 |
| 14 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1318153009:
CSP: Loosen restrictions on inline style and event attributes. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master