| Index: third_party/WebKit/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-script-expected.txt
|
| diff --git a/third_party/WebKit/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-script-expected.txt b/third_party/WebKit/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-script-expected.txt
|
| index 6b742df9d68026d66782dd1099af089fa848e4ed..a8b3ec7ff6b87606116164eb59f23d9a96013ef3 100644
|
| --- a/third_party/WebKit/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-script-expected.txt
|
| +++ b/third_party/WebKit/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-script-expected.txt
|
| @@ -1,13 +1,13 @@
|
| CONSOLE MESSAGE: line 33: Injecting in main world: this should fail.
|
| -CONSOLE ERROR: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-09Et/dqtUwF1zPoVDKo5ZDj2NUXqkLUxcQfh9UtQQt0='), or a nonce ('nonce-...') is required to enable inline execution.
|
| +CONSOLE ERROR: line 21: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-09Et/dqtUwF1zPoVDKo5ZDj2NUXqkLUxcQfh9UtQQt0='), or a nonce ('nonce-...') is required to enable inline execution.
|
|
|
| CONSOLE MESSAGE: line 38: Injecting into isolated world without bypass: this should fail.
|
| -CONSOLE ERROR: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-weyW8ZEkQAD8it2iIcRJESCAdVG/APiGxF6JYEqMvKo='), or a nonce ('nonce-...') is required to enable inline execution.
|
| +CONSOLE ERROR: line 4: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-weyW8ZEkQAD8it2iIcRJESCAdVG/APiGxF6JYEqMvKo='), or a nonce ('nonce-...') is required to enable inline execution.
|
|
|
| CONSOLE MESSAGE: line 43: Starting to bypass main world's CSP: this should pass!
|
| CONSOLE MESSAGE: line 1: EXECUTED in isolated world.
|
| CONSOLE MESSAGE: line 49: Injecting into main world again: this should fail.
|
| -CONSOLE ERROR: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-09Et/dqtUwF1zPoVDKo5ZDj2NUXqkLUxcQfh9UtQQt0='), or a nonce ('nonce-...') is required to enable inline execution.
|
| +CONSOLE ERROR: line 21: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-09Et/dqtUwF1zPoVDKo5ZDj2NUXqkLUxcQfh9UtQQt0='), or a nonce ('nonce-...') is required to enable inline execution.
|
|
|
| This test ensures that scripts run in isolated worlds marked with their own Content Security Policy aren't affected by the page's content security policy. Extensions, for example, should be able to inject inline JavaScript (even though it's probably a bad idea to do so).
|
|
|
|
|
Chromium Code Reviews
Issue 1984483002:
[DevTools] Capture call stacks for CSP console messages. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master