| Index: LayoutTests/http/tests/security/contentSecurityPolicy/1.1/meta-outside-head.html
|
| diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-paths-03.html b/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/meta-outside-head.html
|
| similarity index 50%
|
| copy from LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-paths-03.html
|
| copy to LayoutTests/http/tests/security/contentSecurityPolicy/1.1/meta-outside-head.html
|
| index a95042a7a1e26728080f2ccae0c9343afab4adbe..8b3b557c533b755e5135c1d19da45b0f5f081125 100644
|
| --- a/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-paths-03.html
|
| +++ b/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/meta-outside-head.html
|
| @@ -1,13 +1,16 @@
|
| <!DOCTYPE html>
|
| <html>
|
| <head>
|
| - <meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline' example.com/js/">
|
| <script>
|
| if (window.testRunner)
|
| testRunner.dumpAsText();
|
| </script>
|
| </head>
|
| <body>
|
| - <p>This test passes if the source expression does not throw an "invalid source" error.</p>
|
| + <p>This test checks that Content Security Policy delivered via a meta element is not enforced if the element is outside the document's head.</p>
|
| + <meta http-equiv="Content-Security-Policy" content="script-src 'none'">
|
| + <script>
|
| + alert("PASS (1/1)");
|
| + </script>
|
| </body>
|
| </html>
|
|
|
Chromium Code Reviews
Issue 132563006:
CSP 1.1: <meta> delivery should be ignored outside <head>. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master