style-src-attr-blocked-src-allowed.html (805B)
1 <!DOCTYPE html> 2 <html> 3 4 <head> 5 <meta http-equiv="Content-Security-Policy" content="style-src-attr 'none'; 6 style-src 'unsafe-inline';"> 7 <script src="/resources/testharness.js"></script> 8 <script src="/resources/testharnessreport.js"></script> 9 <script> 10 var t = async_test("Should fire a security policy violation event"); 11 window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) { 12 assert_equals(e.violatedDirective, 'style-src-attr'); 13 assert_equals(e.blockedURI, 'inline'); 14 })); 15 </script> 16 </head> 17 18 <body style="background: green"> 19 <script> 20 async_test(function(test) { 21 assert_equals(document.body.style.length, 0); 22 test.done(); 23 }, "The attribute style should not be applied"); 24 </script> 25 </body> 26 27 </html>