file_strict_dynamic_parser_inserted_doc_write.html (367B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <title>Bug 1299483 - CSP: Implement 'strict-dynamic'</title> 5 </head> 6 <body> 7 <div id="testdiv">blocked</div> 8 9 <script nonce="foo"> 10 // generates a parser inserted script and should be blocked 11 document.write("<script src='http://example.com/tests/dom/security/test/csp/file_strict_dynamic.js'><\/script>"); 12 </script> 13 14 </body> 15 </html>