style-src-elem-blocked-attr-allowed.html (968B)
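<!DOCTYPE html>
<html>

<head>
    <!--
      Policy under test: inline <style> elements are blocked by style-src-elem,
      while inline style="" attributes are explicitly allowed by style-src-attr.
      The attribute directive has to be style-src-attr. script-src-attr governs
      inline event handlers and says nothing about style attributes, so with it
      the "attribute allowed" half passes only because no directive restricts
      the attribute, not because the policy grants it.
    -->
    <meta http-equiv="Content-Security-Policy" content="style-src-elem 'none'; style-src-attr 'unsafe-inline'">
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <script>
        // Registered before <body> is parsed so the violation raised by the
        // inline <style> block below is not missed.
        var t = async_test("Should fire a security policy violation for the inline block");
        window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
            // The report must name the element directive, not a fallback.
            assert_equals(e.violatedDirective, 'style-src-elem');
            // Inline content has no URL; the report uses the keyword 'inline'.
            assert_equals(e.blockedURI, 'inline');
        }));
    </script>
</head>

<!-- Inline style attribute: expected to be applied under this policy. -->
<body style="background: green">
    <!-- Inline style element: expected to be blocked and to raise the violation. -->
    <style>
        body {background: blue;}
    </style>

    <script>
        async_test(function(test) {
            // The style attribute was accepted: body has at least one inline declaration.
            assert_true(document.body.style.length > 0);
            // The blocked <style> element must not have produced a stylesheet.
            assert_equals(document.styleSheets.length, 0);
            test.done();
        }, "The inline style should not be applied and the attribute style should be applied");
    </script>

</body>

</html>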