<!DOCTYPE html> | |
<html> | |
<head> | |
<meta http-equiv="Content-Security-Policy" content="script-src 'sha256-0WwzeJrO6lcDUe7o6BR3lx0b8uiBvXBX5MNFFKF7iYE' 'unsafe-inline'"> | |
<script> | |
if (window.testRunner) | |
testRunner.dumpAsText(); | |
alert('PASS (1/1)'); | |
</script> | |
<script> | |
alert('FAIL (1/1)'); | |
</script> | |
</head> | |
<body> | |
<p> | |
This tests that a valid hash value disables inline JavaScript, even if 'unsafe-inline' is present. | |
</p> | |
</body> | |
</html> |