| OLD | NEW |
|---|
| 1 CONSOLE MESSAGE: line 8: Clicking a link, pre-policy: | 1 CONSOLE MESSAGE: line 8: Clicking a link, pre-policy: |
| 2 CONSOLE MESSAGE: line 21: PASS: Event handler triggered pre-policy. | 2 CONSOLE MESSAGE: line 21: PASS: Event handler triggered pre-policy. |
| 3 CONSOLE MESSAGE: line 14: Injecting Content-Security-Policy. | 3 CONSOLE MESSAGE: line 14: Injecting Content-Security-Policy. |
| 4 CONSOLE MESSAGE: line 19: Clicking a link, post-policy: | 4 CONSOLE MESSAGE: line 19: Clicking a link, post-policy: |
| 5 CONSOLE ERROR: line 21: Refused to execute inline event handler because it viola
tes the following Content Security Policy directive: "default-src 'self'". Note
that 'script-src' was not explicitly set, so 'default-src' is used as a fallback
. | 5 CONSOLE ERROR: line 21: Refused to execute inline event handler because it viola
tes the following Content Security Policy directive: "default-src 'self'". Eithe
r the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') i
s required to enable inline execution. Note also that 'script-src' was not expli
citly set, so 'default-src' is used as a fallback. |
| 6 | 6 |
| 7 This test checks that CSP is evaluated on each call to an inline event handler,
even if it's been executed pre-policy. It passes if one 'PASS' and no 'FAIL' mes
sages appear. | 7 This test checks that CSP is evaluated on each call to an inline event handler,
even if it's been executed pre-policy. It passes if one 'PASS' and no 'FAIL' mes
sages appear. |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 137233005:
CSP: Improve blocked inline script error message. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk