file_strict_dynamic_non_parser_inserted.html (437B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <title>Bug 1299483 - CSP: Implement 'strict-dynamic'</title> 5 </head> 6 <body> 7 <div id="testdiv">blocked</div> 8 9 <script nonce="foo"> 10 // generates a *non* parser inserted script and should be allowed 11 var myScript = document.createElement('script'); 12 myScript.src = 'http://example.com/tests/dom/security/test/csp/file_strict_dynamic.js'; 13 document.head.appendChild(myScript); 14 </script> 15 16 </body> 17 </html>