Chromium Code Reviews Chromium Code Reviews
Issue 19787002:
CSP: 'eval()' blocked in report-only mode should send a violation report. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk| OLD | NEW |
|---|---|
| 1 CONSOLE MESSAGE: The Content Security Policy 'script-src 'self'' was delivered i n report-only mode, but does not specify a 'report-uri'; the policy will have no effect. Please either add a 'report-uri' directive, or deliver the policy via t he 'Content-Security-Policy' header. | 1 CONSOLE MESSAGE: The Content Security Policy 'script-src 'self' 'unsafe-inline'' was delivered in report-only mode, but does not specify a 'report-uri'; the pol icy will have no effect. Please either add a 'report-uri' directive, or deliver the policy via the 'Content-Security-Policy' header. |
| 2 CONSOLE MESSAGE: line 7: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'" . | 2 CONSOLE MESSAGE: [Report Only] Refused to evaluate a string as JavaScript becaus e 'unsafe-eval' is not an allowed source of script in the following Content Secu rity Policy directive: "script-src 'self' 'unsafe-inline'". |
| 3 | 3 |
| 4 ALERT: PASS: eval() executed as expected. | 4 ALERT: PASS: eval() executed as expected. |
| 5 | 5 |
| OLD | NEW |
