style-src-attr-allowed-src-blocked.html (652B)
1 <!DOCTYPE html> 2 <html> 3 4 <head> 5 <meta http-equiv="Content-Security-Policy" content="style-src-attr 'unsafe-inline'; 6 style-src 'none';"> 7 <script src="/resources/testharness.js"></script> 8 <script src="/resources/testharnessreport.js"></script> 9 <script> 10 var t = async_test("Should apply the style attribute"); 11 window.addEventListener('securitypolicyviolation', t.unreached_func("Should not have fired a spv event")); 12 </script> 13 </head> 14 15 <body style="background: green"> 16 <script> 17 t.step(function() { 18 assert_true(document.body.style.length > 0); 19 t.done(); 20 }); 21 </script> 22 </body> 23 24 </html>