inline-style-blocked.sub.html (882B)
1 <!DOCTYPE html> 2 <html> 3 4 <head> 5 <meta http-equiv="Content-Security-Policy" content="style-src 'none'; script-src 'self' 'unsafe-inline'"> 6 <title>inline-style-blocked</title> 7 <script src="/resources/testharness.js"></script> 8 <script src="/resources/testharnessreport.js"></script> 9 <script> 10 async_test(t => { 11 window.addEventListener('securitypolicyviolation', t.step_func(e => { 12 if (e.blockedURI !== 'inline') return; 13 assert_equals(e.violatedDirective, 'style-src-elem'); 14 t.done(); 15 })); 16 }, "Triggers securitypolicyviolation."); 17 </script> 18 <style> 19 .target { 20 background-color: blue; 21 } 22 </style> 23 </head> 24 25 <body> 26 <script> 27 test(t => { 28 assert_equals(document.styleSheets.length, 0); 29 }, "Inline style element is blocked by CSP."); 30 </script> 31 </body> 32 33 </html>