script-src-elem-blocked-src-allowed.html (783B)
1 <!DOCTYPE html> 2 <html> 3 4 <head> 5 <meta http-equiv="Content-Security-Policy" content="script-src-elem 'nonce-abc'; 6 script-src 'nonce-abc' 'nonce-def';"> 7 <script nonce='abc' src="/resources/testharness.js"></script> 8 <script nonce='abc' src="/resources/testharnessreport.js"></script> 9 </head> 10 11 <body> 12 <script nonce='abc'> 13 var t = async_test("Should fire a spv event"); 14 window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) { 15 assert_equals(e.violatedDirective, 'script-src-elem'); 16 assert_equals(e.blockedURI, 'inline'); 17 })); 18 19 </script> 20 21 <script nonce='def'> 22 t.step_func(function() { 23 assert_unreached("Should not have executed the inline block"); 24 }); 25 </script> 26 </body> 27 28 </html>