Chromium Code Reviews

Side by Side Diff: LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-ignore-unsafeinline.html

Issue 142113004: CSP 1.1: Ignore 'unsafe-inline' in presence of hashes or nonces. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 6 years, 11 months ago
OLD NEW
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <html> 2 <html>
3 <head> 3 <head>
4 <meta http-equiv="Content-Security-Policy" content="script-src 'sha1-Au4 uYFbkf7OYd+ACMnKq96FN3qo='"> 4 <meta http-equiv="Content-Security-Policy" content="script-src 'sha1-Au4 uYFbkf7OYd+ACMnKq96FN3qo=' 'unsafe-inline'">
5 <script> 5 <script>
6 if (window.testRunner) 6 if (window.testRunner)
7 testRunner.dumpAsText(); 7 testRunner.dumpAsText();
8 alert('PASS (1/1)'); 8 alert('PASS (1/1)');
9 </script> 9 </script>
10 <script>
11 alert('FAIL (1/1)');
12 </script>
10 </head> 13 </head>
11 <body> 14 <body>
12 <p> 15 <p>
13 This tests the effect of a valid script-hash value. It passes if no 16 This tests that a valid hash value disables inline JavaScript, even if 'unsafe-inline' is present.
14 console warning is visible, and the alert() is executed.
15 </p> 17 </p>
16 </body> 18 </body>
17 </html> 19 </html>
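Review bot: The description in the <p> on new line 16 is imprecise and no longer states a pass condition. It says a valid hash value "disables inline JavaScript", but the first inline script is expected to run and fire alert('PASS (1/1)'); what the test checks is that the second, unhashed script on new lines 10-12 is blocked even though 'unsafe-inline' is listed in the policy on new line 4. The old text spelled out how to read the result (alert executed, no console warning), and that was dropped. Suggest wording along the lines of: "This tests that 'unsafe-inline' is ignored when a valid hash is present. It passes if only the 'PASS (1/1)' alert fires and the unhashed inline script is blocked." If a console error for the blocked script is part of the expected output, say so here as well, so a reader of the expectations file can tell an intended violation report from a regression.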