Index: LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-ignore-unsafeinline-expected.txt |
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-ignore-unsafeinline-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-ignore-unsafeinline-expected.txt |
new file mode 100644 |
index 0000000000000000000000000000000000000000..93303761a15f3d0cee84dca04f51d57c460bee41 |
--- /dev/null |
+++ b/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-ignore-unsafeinline-expected.txt |
@@ -0,0 +1,4 @@ |
+ALERT: PASS (1/1) |
+CONSOLE ERROR: line 10: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'sha1-Au4uYFbkf7OYd+ACMnKq96FN3qo=' 'unsafe-inline'". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list. |
+ |
+This tests that a valid hash value disables inline JavaScript, even if 'unsafe-inline' is present. |