scripthash-ignore-unsafeinline.sub.html (1984B)
1 <!DOCTYPE html> 2 <html> 3 4 <head> 5 <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> 6 <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline' 'sha256-3iveTSiUbmzN7COYvdDwyaXXzJ3SrjKlTaOvQ/GdRpo=' 'sha256-EgE/bwVJ+ZLL9F5hNjDqD4C7nlFFrdDaKeNIJ2cUem4=' 'sha256-lxHfHAe5I15v8qaArcZ5WiKmLU4CjV+3tJeQUqSIWBk='; connect-src 'self';"> 7 8 <title>scripthash-ignore-unsafeinline</title> 9 <script src="/resources/testharness.js"></script> 10 <script src="/resources/testharnessreport.js"></script> 11 <script src="../support/logTest.sub.js?logs=[]"></script> 12 <script>window.addEventListener('securitypolicyviolation', function(e) { alert_assert("Fail"); })</script> 13 <script> 14 var t_alert = async_test('Expecting alerts: ["PASS (1/1)"]'); 15 var expected_alerts = ["PASS (1/1)"]; 16 17 function alert_assert(msg) { 18 t_alert.step(function() { 19 if (msg.match(/^FAIL/i)) { 20 assert_unreached(msg); 21 t_alert.done(); 22 } 23 for (var i = 0; i < expected_alerts.length; i++) { 24 if (expected_alerts[i] == msg) { 25 assert_equals(expected_alerts[i], msg); 26 expected_alerts.splice(i, 1); 27 if (expected_alerts.length == 0) { 28 t_alert.done(); 29 } 30 return; 31 } 32 } 33 assert_unreached('unexpected alert: ' + msg); 34 t_log.done(); 35 }); 36 } 37 38 </script> 39 <script> 40 alert_assert('PASS (1/1)'); 41 42 </script> 43 <script> 44 alert_assert('FAIL (1/1)'); 45 46 </script> 47 </head> 48 49 <body> 50 <p> 51 This tests that a valid hash value disables inline JavaScript, even if 'unsafe-inline' is present. 52 </p> 53 <div id="log"></div> 54 </body> 55 56 </html>