[ tor-browser ].git.dasho

blob-inherits-from-meta-http-equiv-with-invalid-characters.html (765B)

      1 <!DOCTYPE html>
      2 <html>
      3 <head>
      4 <meta http-equiv="Content-Security-Policy" content="
      5    default-src 'none';
      6    script-src blob: 'nonce-abc'">
      7 <script nonce="abc" src="/resources/testharness.js"></script>
      8 <script nonce="abc" src="/resources/testharnessreport.js"></script>
      9 </head>
     10 <script nonce="abc">
     11    async_test(t => {
     12        var script = document.createElement("script");
     13        script.onerror = () => assert_unreached("FAIL should not have fired error event.");
     14        script.onload = () => t.done();
     15        script.src = URL.createObjectURL(new Blob(["console.log('PASS executed blob URL script.');"]));
     16        document.head.appendChild(script);
     17    }, "blob: URL inherits CSP from a meta tag whose contents have newline characters.");
     18 </script>
     19 </html>

	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE