OLD | NEW |
(Empty) | |
| 1 <!DOCTYPE HTML> |
| 2 <html> |
| 3 |
| 4 <head> |
| 5 <title>Parser-inserted scripts with a correct nonce are allowed with `strict
-dynamic` in the script-src directive.</title> |
| 6 <script src='/resources/testharness.js' nonce='dummy'></script> |
| 7 <script src='/resources/testharnessreport.js' nonce='dummy'></script> |
| 8 |
| 9 <!-- CSP served: script-src 'strict-dynamic' 'nonce-dummy' --> |
| 10 </head> |
| 11 |
| 12 <body> |
| 13 <h1>Parser-inserted scripts with a correct nonce are allowed with `strict-dy
namic` in the script-src directive.</h1> |
| 14 <div id='log'></div> |
| 15 |
| 16 <script nonce='dummy'> |
| 17 window.addEventListener('securitypolicyviolation', function(e) { |
| 18 assert_unreached('No CSP violation report has fired.'); |
| 19 }); |
| 20 |
| 21 async_test(function(t) { |
| 22 window.addEventListener('message', t.step_func(function(e) { |
| 23 if (e.data === 'documentWrite') { |
| 24 t.done(); |
| 25 } |
| 26 })); |
| 27 document.write('<scr' + 'ipt nonce="dummy" id="documentWrite" src="s
impleSourcedScript.js"></scr' + 'ipt>'); |
| 28 }, 'Parser-inserted script via `document.write` with a correct nonce is
allowed with `strict-dynamic`.'); |
| 29 </script> |
| 30 |
| 31 <script nonce='dummy'> |
| 32 async_test(function(t) { |
| 33 window.addEventListener('message', t.step_func(function(e) { |
| 34 if (e.data === 'documentWriteln') { |
| 35 t.done(); |
| 36 } |
| 37 })); |
| 38 document.writeln('<scr' + 'ipt nonce="dummy" id="documentWriteln" sr
c="simpleSourcedScript.js"></scr' + 'ipt>'); |
| 39 }, 'Parser-inserted script via `document.writeln` with a correct nonce i
s allowed with `strict-dynamic`.'); |
| 40 </script> |
| 41 |
| 42 <script nonce='dummy'> |
| 43 async_test(function(t) { |
| 44 window.addEventListener('message', t.step_func(function(e) { |
| 45 if (e.data === 'documentWrite-defer') { |
| 46 t.done(); |
| 47 } |
| 48 })); |
| 49 document.write('<scr' + 'ipt defer nonce="dummy" id="documentWrite-d
efer" src="simpleSourcedScript.js"></scr' + 'ipt>'); |
| 50 }, 'Parser-inserted deferred script via `document.write` with a correct
nonce is allowed with `strict-dynamic`.'); |
| 51 </script> |
| 52 |
| 53 <script nonce='dummy'> |
| 54 async_test(function(t) { |
| 55 window.addEventListener('message', t.step_func(function(e) { |
| 56 if (e.data === 'documentWriteln-defer') { |
| 57 t.done(); |
| 58 } |
| 59 })); |
| 60 document.writeln('<scr' + 'ipt defer nonce="dummy" id="documentWrite
ln-defer" src="simpleSourcedScript.js"></scr' + 'ipt>'); |
| 61 }, 'Parser-inserted deferred script via `document.writeln` with a correc
t nonce is allowed with `strict-dynamic`.'); |
| 62 </script> |
| 63 |
| 64 <script nonce='dummy'> |
| 65 async_test(function(t) { |
| 66 window.addEventListener('message', t.step_func(function(e) { |
| 67 if (e.data === 'documentWrite-async') { |
| 68 t.done(); |
| 69 } |
| 70 })); |
| 71 document.write('<scr' + 'ipt async nonce="dummy" id="documentWrite-a
sync" src="simpleSourcedScript.js"></scr' + 'ipt>'); |
| 72 }, 'Parser-inserted async script via `document.write` with a correct non
ce is allowed with `strict-dynamic`.'); |
| 73 </script> |
| 74 |
| 75 <script nonce='dummy'> |
| 76 async_test(function(t) { |
| 77 window.addEventListener('message', t.step_func(function(e) { |
| 78 if (e.data === 'documentWriteln-async') { |
| 79 t.done(); |
| 80 } |
| 81 })); |
| 82 document.writeln('<scr' + 'ipt async nonce="dummy" id="documentWrite
ln-async" src="simpleSourcedScript.js"></scr' + 'ipt>'); |
| 83 }, 'Parser-inserted async script via `document.writeln` with a correct n
once is allowed with `strict-dynamic`.'); |
| 84 </script> |
| 85 |
| 86 <script nonce='dummy'> |
| 87 async_test(function(t) { |
| 88 window.addEventListener('message', t.step_func(function(e) { |
| 89 if (e.data === 'documentWrite-defer-async') { |
| 90 t.done(); |
| 91 } |
| 92 })); |
| 93 document.write('<scr' + 'ipt defer async nonce="dummy" id="documentW
rite-defer-async" src="simpleSourcedScript.js"></scr' + 'ipt>'); |
| 94 }, 'Parser-inserted deferred async script via `document.write` with a co
rrect nonce is allowed with `strict-dynamic`.'); |
| 95 </script> |
| 96 |
| 97 <script nonce='dummy'> |
| 98 async_test(function(t) { |
| 99 window.addEventListener('message', t.step_func(function(e) { |
| 100 if (e.data === 'documentWriteln-defer-async') { |
| 101 t.done(); |
| 102 } |
| 103 })); |
| 104 document.writeln('<scr' + 'ipt defer async nonce="dummy" id="documen
tWriteln-defer-async" src="simpleSourcedScript.js"></scr' + 'ipt>'); |
| 105 }, 'Parser-inserted deferred async script via `document.writeln` with a
correct nonce is allowed with `strict-dynamic`.'); |
| 106 </script> |
| 107 |
| 108 </body> |
| 109 |
| 110 </html> |
OLD | NEW |