Index: LayoutTests/http/tests/security/contentSecurityPolicy/1.1/meta-outside-head.html |
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-paths-03.html b/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/meta-outside-head.html |
similarity index 50% |
copy from LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-paths-03.html |
copy to LayoutTests/http/tests/security/contentSecurityPolicy/1.1/meta-outside-head.html |
index a95042a7a1e26728080f2ccae0c9343afab4adbe..8b3b557c533b755e5135c1d19da45b0f5f081125 100644 |
--- a/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-paths-03.html |
+++ b/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/meta-outside-head.html |
@@ -1,13 +1,16 @@ |
<!DOCTYPE html> |
<html> |
<head> |
- <meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline' example.com/js/"> |
<script> |
if (window.testRunner) |
testRunner.dumpAsText(); |
</script> |
</head> |
<body> |
- <p>This test passes if the source expression does not throw an "invalid source" error.</p> |
+ <p>This test checks that Content Security Policy delivered via a meta element is not enforced if the element is outside the document's head.</p> |
+ <meta http-equiv="Content-Security-Policy" content="script-src 'none'"> |
+ <script> |
+ alert("PASS (1/1)"); |
+ </script> |
</body> |
</html> |