tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

file_ignore_unsafe_inline.html (701B)

      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4 <title>Bug 1004703 - ignore 'unsafe-inline' if nonce- or hash-source specified</title>
      5 </head>
      6 <body>
      7 <div id="testdiv">a</div>
      8 
      9 <!-- first script allowlisted by 'unsafe-inline' -->
     10 <script type="application/javascript">
     11 document.getElementById('testdiv').innerHTML += 'b';
     12 </script>
     13 
     14 <!-- second script allowlisted by hash -->
     15 <!-- sha256-uJXAPKP5NZxnVMZMUkDofh6a9P3UMRc1CRTevVPS/rI= -->
     16 <script type="application/javascript">
     17 document.getElementById('testdiv').innerHTML += 'c';
     18 </script>
     19 
     20 <!-- thrid script allowlisted by nonce -->
     21 <script type="application/javascript" nonce="FooNonce">
     22 document.getElementById('testdiv').innerHTML += 'd';
     23 </script>
     24 
     25 </body>
     26 </html>