OLD | NEW |
1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
2 <html> | 2 <html> |
3 <head> | 3 <head> |
4 <script src="/resources/testharness.js"></script> | 4 <script src="/resources/testharness.js"></script> |
5 <script src="/resources/testharnessreport.js"></script> | 5 <script src="/resources/testharnessreport.js"></script> |
6 <script> | 6 <script> |
7 async_test(function (t) { | 7 async_test(function (t) { |
8 window.expectSuccess = t.step_func_done(function (el) { | 8 window.expectSuccess = t.step_func_done(function (el) { |
9 assert_equals(el, document.querySelector('#pass')); | 9 assert_equals(el, document.querySelector('#pass')); |
10 }); | 10 }); |
11 window.addEventListener('load', t.step_func(function () { | 11 window.addEventListener('load', t.step_func(function () { |
12 document.querySelector('#pass').click(); | 12 document.querySelector('#pass').click(); |
13 })); | 13 })); |
14 }, 'Inline event handlers whitelisted by the policy should fire.'); | 14 }, 'Inline event handlers whitelisted by the policy should fire.'); |
15 | 15 |
16 async_test(function (t) { | 16 async_test(function (t) { |
17 window.expectFailure = t.unreached_func("Handler should not exec
ute."); | 17 window.expectFailure = t.unreached_func("Handler should not exec
ute."); |
18 document.addEventListener('securitypolicyviolation', t.step_func
_done(function (e) { | 18 document.addEventListener('securitypolicyviolation', t.step_func
_done(function (e) { |
19 assert_equals(e.target, document); | 19 assert_equals(e.target, document); |
20 })); | 20 })); |
21 window.addEventListener('load', t.step_func(function () { | 21 window.addEventListener('load', t.step_func(function () { |
22 document.querySelector('#fail').click(); | 22 document.querySelector('#fail').click(); |
23 })); | 23 })); |
24 }, 'Inline event handlers not whitelisted by the policy should gener
ate error events.'); | 24 }, 'Inline event handlers not whitelisted by the policy should gener
ate error events.'); |
25 </script> | 25 </script> |
26 | 26 |
27 <meta http-equiv="Content-Security-Policy" content="script-src 'sha256-n
htYaXCssBJTThiDLYewspQYue9tisulEwJ3nTJKcMI='"> | 27 <meta http-equiv="Content-Security-Policy" content="script-src 'sha256-n
htYaXCssBJTThiDLYewspQYue9tisulEwJ3nTJKcMI=' 'unsafe-hashed-attributes'"> |
28 </head> | 28 </head> |
29 <body> | 29 <body> |
30 <button id="pass" onclick="expectSuccess(this)"></button> | 30 <button id="pass" onclick="expectSuccess(this)"></button> |
31 <button id="fail" onclick="expectFailure(this)"></button> | 31 <button id="fail" onclick="expectFailure(this)"></button> |
32 </body> | 32 </body> |
33 </html> | 33 </html> |
OLD | NEW |