Index: LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-and-scripthash.html |
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-and-scripthash.html b/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-and-scripthash.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..68e2e1a187cf575b6c155f11c05a15e46095cf99 |
--- /dev/null |
+++ b/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scriptnonce-and-scripthash.html |
@@ -0,0 +1,30 @@ |
+<!DOCTYPE html> |
+<html> |
+ <head> |
+ <meta http-equiv="Content-Security-Policy" content="script-src 'sha1-MfuEFRkC2LmR31AMy9KW2ZLDegA=' 'sha1-p70t5PXyndLfjKNjbyBBOL1gFiM=' 'nonce-nonceynonce'"> |
+ <script nonce="nonceynonce"> |
+ if (window.testRunner) |
+ testRunner.dumpAsText(); |
+ alert('PASS (1/3)'); |
+ </script> |
+ <script> |
+ alert('PASS (2/3)'); |
+ </script> |
+ <script nonce="nonceynonce"> |
+ alert('PASS (3/3)'); |
+ </script> |
+ <script> |
+ alert('FAIL (1/2)'); |
+ </script> |
+ <script nonce="notanonce"> |
+ alert('FAIL (2/2)'); |
+ </script> |
+ </head> |
+ <body> |
+ <p> |
+ This tests the combined use of script hash and script nonce. It |
+ passes if two console warnings are visible and the three alerts show |
+ PASS. |
+ </p> |
+ </body> |
+</html> |