OLD | NEW |
---|---|
1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
2 <html> | 2 <html> |
3 <head> | 3 <head> |
4 <meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inlin e' example.com/js/"> | |
5 <script> | 4 <script> |
6 if (window.testRunner) | 5 if (window.testRunner) |
7 testRunner.dumpAsText(); | 6 testRunner.dumpAsText(); |
8 </script> | 7 </script> |
9 </head> | 8 </head> |
10 <body> | 9 <body> |
11 <p>This test passes if the source expression does not throw an "invalid sour ce" error.</p> | 10 <p>This test checks that Content Security Policy delivered via a meta elemen t is not enforced if the element is outside the document's head.</p> |
11 <meta http-equiv="Content-Security-Policy" content="script-src 'none'"> | |
12 <script> | |
13 alert("PASS (1/1)"); | |
14 </script> | |
12 </body> | 15 </body> |
13 </html> | 16 </html> |
OLD | NEW |