Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(121)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-script-expected.txt

Issue 1318153009: CSP: Loosen restrictions on inline style and event attributes. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-style-expected.txt » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-script-expected.txt
diff --git a/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-script-expected.txt b/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-script-expected.txt
index acfafa77ae9eaa73dd3ca5bb085854ca53637d86..6b742df9d68026d66782dd1099af089fa848e4ed 100644
--- a/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-script-expected.txt
+++ b/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-script-expected.txt
@@ -1,12 +1,14 @@
-CONSOLE MESSAGE: line 27: Injecting in main world: this should fail.
+CONSOLE MESSAGE: line 33: Injecting in main world: this should fail.
CONSOLE ERROR: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-09Et/dqtUwF1zPoVDKo5ZDj2NUXqkLUxcQfh9UtQQt0='), or a nonce ('nonce-...') is required to enable inline execution.
-CONSOLE MESSAGE: line 31: Injecting into isolated world without bypass: this should fail.
+CONSOLE MESSAGE: line 38: Injecting into isolated world without bypass: this should fail.
CONSOLE ERROR: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-weyW8ZEkQAD8it2iIcRJESCAdVG/APiGxF6JYEqMvKo='), or a nonce ('nonce-...') is required to enable inline execution.
-CONSOLE MESSAGE: line 35: Starting to bypass main world's CSP: this should pass!
+CONSOLE MESSAGE: line 43: Starting to bypass main world's CSP: this should pass!
CONSOLE MESSAGE: line 1: EXECUTED in isolated world.
-CONSOLE MESSAGE: line 40: Injecting into main world again: this should fail.
+CONSOLE MESSAGE: line 49: Injecting into main world again: this should fail.
CONSOLE ERROR: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-09Et/dqtUwF1zPoVDKo5ZDj2NUXqkLUxcQfh9UtQQt0='), or a nonce ('nonce-...') is required to enable inline execution.
This test ensures that scripts run in isolated worlds marked with their own Content Security Policy aren't affected by the page's content security policy. Extensions, for example, should be able to inject inline JavaScript (even though it's probably a bad idea to do so).
+
+
« no previous file with comments | « no previous file | LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-style-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698