OLD | NEW |
---|---|
1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
2 <html> | 2 <html> |
3 <head> | 3 <head> |
4 <meta http-equiv="Content-Security-Policy" content="script-src 'sha1-Au4 uYFbkf7OYd+ACMnKq96FN3qo='"> | 4 <meta http-equiv="Content-Security-Policy" content="script-src 'sha1-Au4 uYFbkf7OYd+ACMnKq96FN3qo=' 'unsafe-inline'"> |
5 <script> | 5 <script> |
6 if (window.testRunner) | 6 if (window.testRunner) |
7 testRunner.dumpAsText(); | 7 testRunner.dumpAsText(); |
8 alert('PASS (1/1)'); | 8 alert('PASS (1/1)'); |
9 </script> | 9 </script> |
10 <script> | |
11 alert('FAIL (1/1)'); | |
12 </script> | |
10 </head> | 13 </head> |
11 <body> | 14 <body> |
12 <p> | 15 <p> |
13 This tests the effect of a valid script-hash value. It passes if no | 16 This tests that a valid hash value disables inline JavaScript, even if 'unsafe-inline' is present. |
14 console warning is visible, and the alert() is executed. | |
15 </p> | 17 </p> |
16 </body> | 18 </body> |
17 </html> | 19 </html> |
OLD | NEW |