file_csp_error_messages.html (658B)
1 <!DOCTYPE html> 2 <html> 3 <head> 4 <meta charset="utf-8"> 5 <meta http-equiv="Content-Security-Policy" content="default-src 'nonce-abc';"> 6 <title></title> 7 </head> 8 9 <!-- event handler --> 10 <body onload="alert('onload');"> 11 12 <!-- img-src --> 13 <img src="image.png"> 14 15 <!-- external script --> 16 <script src=script.js></script> 17 18 <!-- inline script --> 19 <script> 20 alert("failure"); 21 </script> 22 23 <script nonce="abc"> 24 /* worker-src */ 25 new Worker("/worker.js") 26 </script> 27 28 <script nonce="abc"> 29 // eslint-disable-next-line no-eval 30 eval("hello world"); 31 </script> 32 33 <!-- inline style --> 34 <p style="color: blue;">Hey</p> 35 </body> 36 </html>