worker-eval-blocked.sub.html (1274B)
1 <!DOCTYPE html> 2 <html> 3 4 <head> 5 <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> 6 <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; connect-src 'self';"> 7 <title>worker-eval-blocked</title> 8 <script src="/resources/testharness.js"></script> 9 <script src="/resources/testharnessreport.js"></script> 10 <script src='../support/logTest.sub.js?logs=["eval blocked"]'></script> 11 <script src='../support/alertAssert.sub.js?alerts=[]'></script> 12 </head> 13 14 <body> 15 <p>This test loads a worker, delivered with its own policy. 16 The eval() call in the worker should be forbidden by that 17 policy. No report should be generated because the worker 18 policy does not set a report-uri (although this parent 19 resource does).</p> 20 <script> 21 window.addEventListener('securitypolicyviolation', function(e) { 22 log('Fail'); 23 }); 24 25 try { 26 var worker = new Worker('/content-security-policy/script-src/support/worker-eval.js'); 27 worker.onmessage = function(event) { 28 log(event.data); 29 }; 30 } catch (e) { 31 log(e); 32 } 33 34 </script> 35 <div id="log"></div> 36 </body> 37 38 </html>