Demonstration of edge case where CSP violation reports have incorrect line numbers.

third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/violation-line-number-repro.html

Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/violation-line-number-repro.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/violation-line-number-repro.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/violation-line-number-repro.html
new file mode 100644
index 0000000000000000000000000000000000000000..1c692fd221a053f0d72c80ca3b1e4bc2b4afd95f
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/violation-line-number-repro.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline' http://localhost:8000">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+    <script>
+        function generateURL(port) {
+          return 'http://localhost:' + port + '/security/contentSecurityPolicy/resources/loaded.js';
+        }
+
+        document.write("<scr" + "ipt src='" + generateURL("8000") + "'></scr" + "ipt>");
+
+        async_test(function (t) {
+          document.addEventListener("securitypolicyviolation", t.step_func_done(e => { assert_equals(e.lineNumber, 18); }));
+          document.write("<scr" + "ipt src='" + generateURL("8001") + "'></scr" + "ipt>");
+        });
+
+    </script>
+</body>
+</html>