eval-allowed-in-report-only-mode.html (474B)
1 <html> 2 <head> 3 <script src="/resources/testharness.js"></script> 4 <script src="/resources/testharnessreport.js"></script> 5 <!-- Content-Security-Policy-Report-Only: script-src 'unsafe-inline' --> 6 </head> 7 <body> 8 <script> 9 var t = async_test("Eval is allowed because the CSP is report-only"); 10 try { 11 eval("t.done()"); 12 } catch { 13 t.step(function() { assert_true(false, "The eval should have execute succesfully"); }) 14 } 15 </script> 16 </body> 17 </html>