sandboxed-data-scheme.html (612B)
1 <!DOCTYPE html> 2 <html> 3 4 <head> 5 <script nonce="abc" src="/resources/testharness.js"></script> 6 <script nonce="abc" src="/resources/testharnessreport.js"></script> 7 </head> 8 9 <body> 10 <script nonce='abc'> 11 var url = "data:text/html,<script>alert(document.domain)<\/scr"+"ipt>"; 12 13 var i = document.createElement('iframe'); 14 i.src = url; 15 i.sandbox = "allow-scripts"; 16 document.body.appendChild(i); 17 </script> 18 <script nonce='abc' async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27nonce-abc%27'></script> 19 </body> 20 21 </html>