style-src-injected-inline-style-allowed-with-content-hash.html (1915B)
1 <!doctype html> 2 <html> 3 <head> 4 <meta http-equiv="Content-Security-Policy" content="style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; script-src 'self' 'unsafe-inline'"> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 8 <script> 9 var t = async_test("Inline injected style without text content should be allowed"); 10 document.addEventListener("securitypolicyviolation", t.unreached_func("Should not trigger a security policy violation")); 11 t.done(); 12 13 const style_null_child = document.createElement("style"); 14 document.head.appendChild(style_null_child); 15 test(function() { 16 assert_not_equals(style_null_child.sheet, undefined, "style_null_child should have a stylesheet"); 17 assert_class_string(style_null_child.sheet, "CSSStyleSheet"); 18 }, "Inline style sheet should be created with null child node"); 19 20 const style_empty_child = document.createElement("style"); 21 style_empty_child.appendChild(document.createTextNode("")); 22 document.head.appendChild(style_empty_child); 23 test(function() { 24 assert_not_equals(style_empty_child.sheet, undefined, "style_empty_child should have a stylesheet"); 25 assert_class_string(style_empty_child.sheet, "CSSStyleSheet"); 26 }, "Inline style should be created with empty-string child node"); 27 28 const { sheet } = style_empty_child; 29 sheet.insertRule("#content { margin-left: 2px; }"); 30 </script> 31 </head> 32 <body> 33 <div id='log'></div> 34 35 <div id="content">Lorem ipsum</div> 36 37 <script> 38 test(function() { 39 var contentEl = document.getElementById("content"); 40 var background_color = getComputedStyle(contentEl).getPropertyValue('margin-left'); 41 assert_equals(background_color, "2px"); 42 }, "Inline style should be applied"); 43 </script> 44 45 </body> 46 </html>