scriptnonce-allowed.sub.html (2181B)
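<!DOCTYPE html>
<html>

<head>
    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncrasies.-->
    <!--
      Policy under test. script-src lists 'self' plus two nonce sources and no
      'unsafe-inline', so every inline script below runs only because its
      nonce attribute matches one of the two listed values. The second nonce
      contains the base64 characters '+', '/' and '='.
      The nonces are fixed strings because this is a static test fixture; a
      deployed policy needs a fresh, unpredictable nonce for every response.
    -->
    <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'nonce-noncynonce' 'nonce-noncy+/nonce='; connect-src 'self';">
    <title>scriptnonce-allowed</title>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <script nonce="noncynonce">
        // Registers a test that fails with msg.
        function log(msg) {
            test(function() {
                assert_unreached(msg)
            });
        }

    </script>
    <script nonce="noncynonce">
        // Any CSP violation report means a nonced script was blocked; the
        // "Fail" message matches the /^FAIL/i branch of alert_assert.
        window.addEventListener('securitypolicyviolation', function(e) {
            alert_assert("Fail");
        });

        var t_alert = async_test('Expecting alerts: ["PASS (1/2)","PASS (2/2)"]');
        var expected_alerts = ["PASS (1/2)", "PASS (2/2)"];

        // Checks msg against the outstanding expected messages. Each expected
        // message is consumed once; the async test completes when none remain.
        // A message starting with "FAIL" (any case) or one that is not
        // expected fails the test.
        function alert_assert(msg) {
            t_alert.step(function() {
                if (msg.match(/^FAIL/i)) {
                    assert_unreached(msg);
                    t_alert.done();
                }
                for (var i = 0; i < expected_alerts.length; i++) {
                    if (expected_alerts[i] == msg) {
                        assert_equals(expected_alerts[i], msg);
                        expected_alerts.splice(i, 1);
                        if (expected_alerts.length == 0) {
                            t_alert.done();
                        }
                        return;
                    }
                }
                assert_unreached('unexpected alert: ' + msg);
                // Was t_log.done(); no t_log is declared on this page, the
                // async test object is t_alert.
                t_alert.done();
            });
        }

    </script>
    <!-- enforcing policy (as delivered by the meta element above):
script-src 'self' 'nonce-noncynonce' 'nonce-noncy+/nonce='; connect-src 'self';
-->
    <!-- Inline script allowed by the first nonce source. -->
    <script nonce="noncynonce">
        alert_assert('PASS (1/2)');

    </script>
    <!-- Inline script allowed by the second nonce source. -->
    <script nonce="noncy+/nonce=">
        alert_assert('PASS (2/2)');

    </script>
</head>

<body>
    <p>
        This tests the effect of a valid script-nonce value. It passes if no CSP violation is generated and the alerts are executed.
    </p>
    <div id="log"></div>
</body>

</html>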