scriptnonce-basic-blocked.sub.html (1470B)
<!DOCTYPE html>
<html>

<head>
    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncrasies.-->
    <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'nonce-noncynonce'; connect-src 'self';">
    <title>scriptnonce-basic-blocked</title>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <script src='../support/alertAssert.sub.js?alerts=["PASS (closely-quoted nonce)","PASS (nonce w/whitespace)", "violated-directive=script-src-elem", "violated-directive=script-src-elem", "violated-directive=script-src-elem"]'></script>
    <script nonce="noncynonce">
        alert_assert('PASS (closely-quoted nonce)');

    </script>
    <script nonce=" noncynonce ">
        alert_assert('PASS (nonce w/whitespace)');

        window.addEventListener('securitypolicyviolation', function(e) {
            alert_assert("violated-directive=" + e.violatedDirective);
        });
    </script>
    <script nonce="noncynonce noncynonce">
        alert_assert('FAIL (1/3)');

    </script>
    <script>
        alert_assert('FAIL (2/3)');

    </script>
    <script nonce="noncynonceno?">
        alert_assert('FAIL (3/3)');

    </script>
</head>

<body>
    <p>
        This tests the effect of a valid script-nonce value. It passes if a CSP violation is generated, and the two PASS alerts are executed.
    </p>
    <div id="log"></div>
</body>

</html>