Index: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-1_1.html |
diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-1_1.html b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-1_1.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..c83f512bff5007f07d76f7baebd317c4ee684871 |
--- /dev/null |
+++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/script-src/script-src-1_1.html |
@@ -0,0 +1,22 @@ |
+<!DOCTYPE HTML> |
+<html> |
+<head> |
+ <title>Inline script should not run without 'unsafe-inline' script-src directive.</title> |
+ <script src='/resources/testharness.js'></script> |
+ <script src='/resources/testharnessreport.js'></script> |
+ <script src='inlineTests.js'></script> |
+</head> |
+<body> |
+ <h1>Inline script should not run without 'unsafe-inline' script-src directive, even for script-src 'self'.</h1> |
+ <div id='log'></div> |
+ |
+ <script> |
+ t1.step(function() {assert_unreached('Unsafe inline script ran.');}); |
+ </script> |
+ |
+ <img src='doesnotexist.jpg' onerror='t2.step(function() { assert_unreached("Unsafe inline event handler ran.") });'> |
+ |
+ <script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27self%27'></script> |
+ |
+</body> |
+</html> |