style-src-elem-allowed-attr-blocked.html (966B)
1 <!DOCTYPE html> 2 <html> 3 4 <head> 5 <meta http-equiv="Content-Security-Policy" content="style-src-elem 'unsafe-inline'; 6 style-src-attr 'none';"> 7 <script src="/resources/testharness.js"></script> 8 <script src="/resources/testharnessreport.js"></script> 9 <script> 10 var t = async_test("Should fire a security policy violation for the attribute"); 11 window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) { 12 assert_equals(e.violatedDirective, 'style-src-attr'); 13 assert_equals(e.blockedURI, 'inline'); 14 })); 15 </script> 16 </head> 17 18 <body style="background: green"> 19 <style> 20 body {background: blue;} 21 </style> 22 23 <script> 24 async_test(function(test) { 25 assert_equals(document.body.style.length, 0); 26 assert_equals(document.styleSheets.length, 1); 27 test.done(); 28 }, "The attribute style should not be applied and the inline style should be applied"); 29 </script> 30 31 </body> 32 33 </html>