style_attribute_denied_wrong_hash.html (983B)
1 <!DOCTYPE HTML> 2 <html> 3 4 <head> 5 <meta http-equiv="Content-Security-Policy" content="img-src *; 6 style-src 'unsafe-hashes' 'sha256-UI8QfroYhb0WX073XBuM+RTPntpjZfkyFLsMw5vQfd0=';"> 7 <!-- 8 'sha256-S0VSqEOmzmyOifPfat2sJ7ELOgkldAEbaXlvi5iMqjc=' ==> 'background: green' 9 --> 10 <title>Event handlers should be allowed if a matching hash and 'unsafe-hashes' are present</title> 11 <script src='/resources/testharness.js'></script> 12 <script src='/resources/testharnessreport.js'></script> 13 </head> 14 15 <body> 16 <div id='log'></div> 17 <script> 18 var t1 = async_test("Test that the inline style attribute is blocked"); 19 20 window.addEventListener('securitypolicyviolation', t1.step_func_done(function(e) { 21 assert_equals(e.violatedDirective, 'style-src-attr'); 22 assert_equals(e.blockedURI, 'inline'); 23 })); 24 25 </script> 26 <img src='../support/pass.png' id='test' style='background: green'> 27 </body> 28 29 </html>