script_event_handlers_allowed.html (798B)
1 <!DOCTYPE HTML> 2 <html> 3 4 <head> 5 <meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-hashes' 'nonce-abc' 'sha256-wmuLCpoj8EMqfQlPnt5NIMgKkCK62CxAkAiewI0zZps='; img-src *;"> 6 <title>Event handlers should be allowed if a matching hash and 'unsafe-hashes' are present</title> 7 <script src='/resources/testharness.js' nonce='abc'></script> 8 <script src='/resources/testharnessreport.js' nonce='abc'></script> 9 </head> 10 11 <body> 12 <div id='log'></div> 13 <script nonce='abc'> 14 var t1 = async_test("Test that the inline event handler is allowed to run"); 15 16 window.addEventListener('securitypolicyviolation', t1.unreached_func("Should have not raised any event")); 17 </script> 18 <img src='../support/pass.png' 19 onload='t1.done();'> 20 </body> 21 22 </html>