style-element-csp-blocked.html (1303B)
1 <!doctype html> 2 <html> 3 <head> 4 <meta charset="utf-8" /> 5 <meta name="author" title="Kurt Catti-Schmidt" href="mailto:kschmi@microsoft.com" /> 6 <link rel="help" href="https://html.spec.whatwg.org/multipage/semantics.html#the-style-element" /> 7 <link rel="help" href="https://github.com/MicrosoftEdge/MSEdgeExplainers/blob/main/ShadowDOM/explainer.md" /> 8 <script src="/resources/testharness.js"></script> 9 <script src="/resources/testharnessreport.js"></script> 10 11 <meta http-equiv="Content-Security-Policy" content="style-src 'none';"> 12 13 <script> 14 async_test(function(t1) { 15 document.documentElement.addEventListener("securitypolicyviolation", 16 t1.done()); 17 }, "securitypolicyviolation events should be fired for declarative style violations."); 18 19 const t2 = async_test("Test error event fires on inline style"); 20 </script> 21 22 <style type="module" specifier="foo" onerror="t2.done();"> 23 #test {color:blue} 24 </style> 25 26 </head> 27 <body> 28 29 <div id="test">Test content</div> 30 31 <script type="module"> 32 test(function (t) { 33 const test_element = document.getElementById("test"); 34 assert_equals(getComputedStyle(test_element) 35 .color, "rgb(0, 0, 0)", 36 "Declarative styles were blocked via CSP."); 37 38 }, "style-src CSP can block Declarative CSS Modules."); 39 </script> 40 </body> 41 </html>