script-src-1_4_1.html (1295B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <title>setTimeout() and setInterval() should not run without 'unsafe-eval' script-src directive.</title> 5 <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline';"> 6 <script src='/resources/testharness.js'></script> 7 <script src='/resources/testharnessreport.js'></script> 8 </head> 9 <body> 10 <h1>setTimeout() and setInterval() should not run without 'unsafe-eval' script-src directive.</h1> 11 <div id='log'></div> 12 13 <script> 14 var t1 = async_test("window.setTimeout()"); 15 var t2 = async_test("window.setInterval()"); 16 var t_spv = async_test("Test that securitypolicyviolation event is fired"); 17 var test_count = 2; 18 19 window.addEventListener("securitypolicyviolation", t_spv.step_func_done(function(e) { 20 assert_equals(e.violatedDirective, "script-src"); 21 if (--test_count <= 0) { 22 t_spv.done(); 23 } 24 })); 25 26 27 onload = function() {t1.done(); t2.done()} 28 29 window.setTimeout('t1.step(function() {assert_unreached("window.setTimeout() ran without unsafe-eval.")})',0); 30 window.setInterval('t2.step(function() {assert_unreached("window.setInterval() ran without unsafe-eval.")})',0); 31 </script> 32 </body> 33 </html>