Index: LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-ignore-unsafeinline.html |
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed.html b/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-ignore-unsafeinline.html |
similarity index 65% |
copy from LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed.html |
copy to LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-ignore-unsafeinline.html |
index d038e4c2c823325a8c5e9cc4bb7d29dce6e75fe7..188df57f75cd6117d9f5d004904a9f0203252485 100644 |
--- a/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed.html |
+++ b/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-ignore-unsafeinline.html |
@@ -1,7 +1,7 @@ |
<!DOCTYPE html> |
<html> |
<head> |
- <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-noncynonce' 'nonce-noncy+/=nonce'"> |
+ <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-noncynonce' 'nonce-noncy+/=nonce' 'unsafe-inline'"> |
<script nonce="noncynonce"> |
if (window.testRunner) |
testRunner.dumpAsText(); |
@@ -12,11 +12,13 @@ |
<script nonce="noncy+/=nonce"> |
alert('PASS (2/2)'); |
</script> |
+ <script> |
+ alert('FAIL (1/1)'); |
+ </script> |
</head> |
<body> |
<p> |
- This tests the effect of a valid script-nonce value. It passes if |
- no console warning is visible and the alerts are executed. |
+ This tests that a valid nonce disables inline JavaScript, even if 'unsafe-inline' is present. |
</p> |
</body> |
</html> |