Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(28)

Side by Side Diff: LayoutTests/http/tests/security/contentSecurityPolicy/1.1/meta-outside-head.html

Issue 132563006: CSP 1.1: <meta> delivery should be ignored outside <head>. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 6 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <html> 2 <html>
3 <head> 3 <head>
4 <meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inlin e' example.com/js/">
5 <script> 4 <script>
6 if (window.testRunner) 5 if (window.testRunner)
7 testRunner.dumpAsText(); 6 testRunner.dumpAsText();
8 </script> 7 </script>
9 </head> 8 </head>
10 <body> 9 <body>
11 <p>This test passes if the source expression does not throw an "invalid sour ce" error.</p> 10 <p>This test checks that Content Security Policy delivered via a meta elemen t is not enforced if the element is outside the document's head.</p>
11 <meta http-equiv="Content-Security-Policy" content="script-src 'none'">
12 <script>
13 alert("PASS (1/1)");
14 </script>
12 </body> 15 </body>
13 </html> 16 </html>
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698