Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1286)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-script-expected.txt

Issue 137233005: CSP: Improve blocked inline script error message. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Yay. Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « LayoutTests/http/tests/security/contentSecurityPolicy/srcdoc-doesnt-bypass-script-src-expected.txt ('k') | LayoutTests/inspector/debugger/debugger-pause-on-blocked-event-handler-expected.txt » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 CONSOLE MESSAGE: line 22: Injecting in main world: this should fail. 1 CONSOLE MESSAGE: line 22: Injecting in main world: this should fail.
2 CONSOLE ERROR: Refused to execute inline script because it violates the followin g Content Security Policy directive: "script-src 'self' 'unsafe-eval'". 2 CONSOLE ERROR: Refused to execute inline script because it violates the followin g Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either t he 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is r equired to enable inline execution.
3 3
4 CONSOLE MESSAGE: line 26: Injecting into isolated world without bypass: this sho uld fail. 4 CONSOLE MESSAGE: line 26: Injecting into isolated world without bypass: this sho uld fail.
5 CONSOLE ERROR: Refused to execute inline script because it violates the followin g Content Security Policy directive: "script-src 'self' 'unsafe-eval'". 5 CONSOLE ERROR: Refused to execute inline script because it violates the followin g Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either t he 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is r equired to enable inline execution.
6 6
7 CONSOLE MESSAGE: line 30: Starting to bypass main world's CSP: this should pass! 7 CONSOLE MESSAGE: line 30: Starting to bypass main world's CSP: this should pass!
8 CONSOLE MESSAGE: line 1: EXECUTED in isolated world. 8 CONSOLE MESSAGE: line 1: EXECUTED in isolated world.
9 CONSOLE MESSAGE: line 35: Injecting into main world again: this should fail. 9 CONSOLE MESSAGE: line 35: Injecting into main world again: this should fail.
10 CONSOLE ERROR: Refused to execute inline script because it violates the followin g Content Security Policy directive: "script-src 'self' 'unsafe-eval'". 10 CONSOLE ERROR: Refused to execute inline script because it violates the followin g Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either t he 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is r equired to enable inline execution.
11 11
12 This test ensures that scripts run in isolated worlds marked with their own Cont ent Security Policy aren't affected by the page's content security policy. Exten sions, for example, should be able to inject inline JavaScript (even though it's probably a bad idea to do so). 12 This test ensures that scripts run in isolated worlds marked with their own Cont ent Security Policy aren't affected by the page's content security policy. Exten sions, for example, should be able to inject inline JavaScript (even though it's probably a bad idea to do so).
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/security/contentSecurityPolicy/srcdoc-doesnt-bypass-script-src-expected.txt ('k') | LayoutTests/inspector/debugger/debugger-pause-on-blocked-event-handler-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698