
javascript_src_allowed-href_blank-script-src-attr.html (746B)


      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
           <!--
             Purpose: checks that a policy containing only script-src-attr does
             not restrict navigation to a javascript: URL. Under the CSP
             "effective directive for inline check" algorithm, a navigation check
             uses script-src-elem, which falls back to script-src and then
             default-src. This policy sets none of those three, so the
             'unsafe-hashes', nonce and sha256 sources listed under
             script-src-attr are not expected to be consulted for the navigation.

             Takeaway for policy authors: script-src-attr alone leaves
             javascript: URL navigation unrestricted. A policy meant to control it
             has to set script-src-elem, script-src or default-src.
           -->
      4    <meta http-equiv="Content-Security-Policy" content="script-src-attr 'unsafe-hashes' 'nonce-abc'
      5    'sha256-N5bidCKdNO1nSPa1G7MdL6S7Y7MKZ7UMIS/40JBMSe4=';">
           <!--
             With no script-src-elem, script-src or default-src in the policy, the
             nonce attributes on the script elements below are not required for
             them to run; presumably they are kept for parity with sibling tests
             (confirm against the other files in this directory).
           -->
      6    <script src="/resources/testharness.js" nonce="abc"></script>
      7    <script src="/resources/testharnessreport.js" nonce="abc"></script>
      8    <script src="support/helper.js" nonce="abc"></script>
      9 </head>
     10 <body>
           <!--
             runTest is provided by support/helper.js, which is not visible here.
             The first argument (true) presumably marks the navigation as expected
             to be allowed, matching "allowed" in the file name; the second is the
             anchor markup under test and the third a suffix for the test name.
             How the helper fills in the href is not shown; confirm in helper.js.
           -->
     11    <script nonce="abc">
     12    // script-src-attr CSP should not have effects because navigation CSP
     13    // checks are done against script-src-elem.
     14    // https://w3c.github.io/webappsec-csp/#effective-directive-for-inline-check
     15    runTest(true, '<a href target=_blank>', ' (script-src-attr should not be used)');
     16    </script>
     17 </body>
     18 </html>