eval-hashes-override-unsafe-eval.sub.html (1070B)
1 <!DOCTYPE html> 2 <html> 3 4 <head> 5 <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline' 'eval-sha256-wrhs7MZ7Cmwwzxiy9buBGGkLT/3SLW3Sp8UrVRoaaaa=' 'unsafe-eval'; connect-src 'self';"> 6 <title>eval-blocked</title> 7 <script src="/resources/testharness.js"></script> 8 <script src="/resources/testharnessreport.js"></script> 9 <script src='../../support/logTest.sub.js?logs=["PASS EvalError","PASS EvalError", "violated-directive=script-src"]'></script> 10 <script src="../../support/alertAssert.sub.js?alerts=[]"></script> 11 </head> 12 13 <body> 14 <script> 15 window.addEventListener('securitypolicyviolation', function(e) { 16 log("violated-directive=" + e.violatedDirective); 17 }); 18 19 try { 20 eval("alert_assert('FAIL (1 of 2)')"); 21 } catch (e) { 22 log("PASS EvalError"); 23 } 24 25 try { 26 window.eval("alert_assert('FAIL (1 of 2)')"); 27 } catch (e) { 28 log("PASS EvalError"); 29 } 30 31 </script> 32 <div id="log"></div> 33 </body> 34 35 </html>