inline-style-attribute-on-html.sub.html (1049B)
1 <!DOCTYPE html> 2 <script> 3 window.addEventListener('securitypolicyviolation', function(e) { 4 log("Fail"); 5 }); 6 </script> 7 <html style="background-color: blue;"> 8 <head> 9 <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.--> 10 <meta http-equiv="Content-Security-Policy" content="style-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'"> 11 <title>inline-style-attribute-on-html</title> 12 <script src="/resources/testharness.js"></script> 13 <script src="/resources/testharnessreport.js"></script> 14 <script src='../support/logTest.sub.js?logs=["PASS"]'></script> 15 <script src="../support/alertAssert.sub.js?alerts=[]"></script> 16 </head> 17 18 <body> 19 <p>Even though this page has a CSP policy the blocks inline style, the style attribute on the HTML element still takes effect because it preceeds the meta element. 20 </p> 21 <script> 22 log(document.documentElement.style.length > 0 ? 'PASS' : 'FAIL'); 23 24 </script> 25 <div id="log"></div> 26 </body> 27 28 </html>