OLD | NEW |
1 CONSOLE MESSAGE: line 58: Injecting in main world: this should fail. | 1 CONSOLE MESSAGE: line 58: Injecting in main world: this should fail. |
2 CONSOLE ERROR: Refused to apply inline style because it violates the following C
ontent Security Policy directive: "default-src 'none'". Either the 'unsafe-inlin
e' keyword, a hash ('sha256-VW0vOGrZCqH0TKtw5B5uFtLP1DqNIIUce/tDyu/378c='), or a
nonce ('nonce-...') is required to enable inline execution. Note also that 'sty
le-src' was not explicitly set, so 'default-src' is used as a fallback. | 2 CONSOLE ERROR: Refused to apply inline style because it violates the following C
ontent Security Policy directive: "default-src 'none'". Either the 'unsafe-inlin
e' keyword, a hash ('sha256-VW0vOGrZCqH0TKtw5B5uFtLP1DqNIIUce/tDyu/378c='), or a
nonce ('nonce-...') is required to enable inline execution. Note also that 'sty
le-src' was not explicitly set, so 'default-src' is used as a fallback. |
3 | 3 |
4 CONSOLE MESSAGE: line 31: PASS: Style assignment in test 4 was not blocked by CS
P. | 4 CONSOLE MESSAGE: line 31: PASS: Style assignment in test 4 was not blocked by CS
P. |
5 CONSOLE MESSAGE: line 62: Injecting into isolated world without bypass: this sho
uld fail. | 5 CONSOLE MESSAGE: line 62: Injecting into isolated world without bypass: this sho
uld fail. |
6 CONSOLE ERROR: Refused to apply inline style because it violates the following C
ontent Security Policy directive: "default-src 'none'". Either the 'unsafe-inlin
e' keyword, a hash ('sha256-mqk0x+ZowQUO8stz3Tm8e/4c044WSEbqlTVrz4jf9ko='), or a
nonce ('nonce-...') is required to enable inline execution. Note also that 'sty
le-src' was not explicitly set, so 'default-src' is used as a fallback. | 6 CONSOLE ERROR: Refused to apply inline style because it violates the following C
ontent Security Policy directive: "default-src 'none'". Either the 'unsafe-inlin
e' keyword, a hash ('sha256-mqk0x+ZowQUO8stz3Tm8e/4c044WSEbqlTVrz4jf9ko='), or a
nonce ('nonce-...') is required to enable inline execution. Note also that 'sty
le-src' was not explicitly set, so 'default-src' is used as a fallback. |
7 | 7 |
8 CONSOLE MESSAGE: line 19: PASS: Style assignment in test 3 was not blocked by CS
P. | 8 CONSOLE MESSAGE: line 19: PASS: Style assignment in test 3 was not blocked by CS
P. |
9 CONSOLE ERROR: Refused to apply inline style because it violates the following C
ontent Security Policy directive: "default-src 'none'". Either the 'unsafe-inlin
e' keyword, a hash ('sha256-ZBTj5RHLnrF+IxdRZM2RuLfjTJQXNSi7fLQHr09onfY='), or a
nonce ('nonce-...') is required to enable inline execution. Note also that 'sty
le-src' was not explicitly set, so 'default-src' is used as a fallback. | 9 CONSOLE ERROR: line 1: Refused to apply inline style because it violates the fol
lowing Content Security Policy directive: "default-src 'none'". Either the 'unsa
fe-inline' keyword, a hash ('sha256-ZBTj5RHLnrF+IxdRZM2RuLfjTJQXNSi7fLQHr09onfY=
'), or a nonce ('nonce-...') is required to enable inline execution. Note also t
hat 'style-src' was not explicitly set, so 'default-src' is used as a fallback. |
10 | 10 |
11 CONSOLE MESSAGE: line 17: PASS: Style attribute assignment in test 3 was not blo
cked by CSP. | 11 CONSOLE MESSAGE: line 17: PASS: Style attribute assignment in test 3 was not blo
cked by CSP. |
12 CONSOLE MESSAGE: line 67: Starting to bypass main world's CSP: this should pass! | 12 CONSOLE MESSAGE: line 67: Starting to bypass main world's CSP: this should pass! |
13 CONSOLE MESSAGE: line 12: PASS: Style assignment in test 2 was blocked by CSP. | 13 CONSOLE MESSAGE: line 12: PASS: Style assignment in test 2 was blocked by CSP. |
14 CONSOLE MESSAGE: line 10: PASS: Style attribute assignment in test 2 was blocked
by CSP. | 14 CONSOLE MESSAGE: line 10: PASS: Style attribute assignment in test 2 was blocked
by CSP. |
15 CONSOLE MESSAGE: line 73: Injecting into main world again: this should fail. | 15 CONSOLE MESSAGE: line 73: Injecting into main world again: this should fail. |
16 CONSOLE ERROR: Refused to apply inline style because it violates the following C
ontent Security Policy directive: "default-src 'none'". Either the 'unsafe-inlin
e' keyword, a hash ('sha256-bUBNmssmL79UBWplbQJyN9Hi2tRE9H345W5DVyjdUq4='), or a
nonce ('nonce-...') is required to enable inline execution. Note also that 'sty
le-src' was not explicitly set, so 'default-src' is used as a fallback. | 16 CONSOLE ERROR: Refused to apply inline style because it violates the following C
ontent Security Policy directive: "default-src 'none'". Either the 'unsafe-inlin
e' keyword, a hash ('sha256-bUBNmssmL79UBWplbQJyN9Hi2tRE9H345W5DVyjdUq4='), or a
nonce ('nonce-...') is required to enable inline execution. Note also that 'sty
le-src' was not explicitly set, so 'default-src' is used as a fallback. |
17 | 17 |
18 CONSOLE MESSAGE: line 31: PASS: Style assignment in test 1 was not blocked by CS
P. | 18 CONSOLE MESSAGE: line 31: PASS: Style assignment in test 1 was not blocked by CS
P. |
19 This test ensures that style applied in isolated worlds marked with their own Co
ntent Security Policy aren't affected by the page's content security policy. Ext
ensions, for example, should be able to inject inline CSS (even though it's prob
ably a bad idea to do so). | 19 This test ensures that style applied in isolated worlds marked with their own Co
ntent Security Policy aren't affected by the page's content security policy. Ext
ensions, for example, should be able to inject inline CSS (even though it's prob
ably a bad idea to do so). |
20 | 20 |
21 | 21 |
OLD | NEW |