OLD | NEW |
1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
2 <html> | 2 <html> |
3 <head> | 3 <head> |
4 <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-no
ncynonce' 'nonce-noncy+/=nonce'"> | 4 <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-no
ncynonce' 'nonce-noncy+/=nonce' 'unsafe-inline'"> |
5 <script nonce="noncynonce"> | 5 <script nonce="noncynonce"> |
6 if (window.testRunner) | 6 if (window.testRunner) |
7 testRunner.dumpAsText(); | 7 testRunner.dumpAsText(); |
8 </script> | 8 </script> |
9 <script nonce="noncynonce"> | 9 <script nonce="noncynonce"> |
10 alert('PASS (1/2)'); | 10 alert('PASS (1/2)'); |
11 </script> | 11 </script> |
12 <script nonce="noncy+/=nonce"> | 12 <script nonce="noncy+/=nonce"> |
13 alert('PASS (2/2)'); | 13 alert('PASS (2/2)'); |
14 </script> | 14 </script> |
| 15 <script> |
| 16 alert('FAIL (1/1)'); |
| 17 </script> |
15 </head> | 18 </head> |
16 <body> | 19 <body> |
17 <p> | 20 <p> |
18 This tests the effect of a valid script-nonce value. It passes if | 21 This tests that a valid nonce disables inline JavaScript, even if 'u
nsafe-inline' is present. |
19 no console warning is visible and the alerts are executed. | |
20 </p> | 22 </p> |
21 </body> | 23 </body> |
22 </html> | 24 </html> |
OLD | NEW |