file_strict_dynamic_unsafe_eval.html (296B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <title>Bug 1299483 - CSP: Implement 'strict-dynamic'</title> 5 </head> 6 <body> 7 <div id="testdiv">blocked</div> 8 9 <script nonce="foo"> 10 // eslint-disable-next-line no-eval 11 eval('document.getElementById("testdiv").innerHTML = "allowed";'); 12 </script> 13 14 </body> 15 </html>