Index: LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-ignore-unsafeinline.html |
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed.html b/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-ignore-unsafeinline.html |
similarity index 56% |
copy from LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed.html |
copy to LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-ignore-unsafeinline.html |
index 10fedea8f4d596130c9f0f394d2eb7b32576402f..709ba205b468056ec0b812fca514e4e1194c7ad0 100644 |
--- a/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed.html |
+++ b/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-ignore-unsafeinline.html |
@@ -1,17 +1,19 @@ |
<!DOCTYPE html> |
<html> |
<head> |
- <meta http-equiv="Content-Security-Policy" content="script-src 'sha1-Au4uYFbkf7OYd+ACMnKq96FN3qo='"> |
+ <meta http-equiv="Content-Security-Policy" content="script-src 'sha1-Au4uYFbkf7OYd+ACMnKq96FN3qo=' 'unsafe-inline'"> |
<script> |
if (window.testRunner) |
testRunner.dumpAsText(); |
alert('PASS (1/1)'); |
</script> |
+ <script> |
+ alert('FAIL (1/1)'); |
+ </script> |
</head> |
<body> |
<p> |
- This tests the effect of a valid script-hash value. It passes if no |
- console warning is visible, and the alert() is executed. |
+ This tests that a valid hash value disables inline JavaScript, even if 'unsafe-inline' is present. |
</p> |
</body> |
</html> |