| CONSOLE MESSAGE: line 5: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. |
| CONSOLE MESSAGE: line 5: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. |
| CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha-/vET2rVA6WWSNY8XYBl+BqAL0gTF0fzw7eovQQG+hNA=''. It will be ignored. |
| CONSOLE MESSAGE: line 5: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. |
| CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha-dummy''. It will be ignored. |
| CONSOLE MESSAGE: line 5: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. |
| CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''d&mmy''. It will be ignored. |
| CONSOLE MESSAGE: line 5: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. |
| CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''/vET2rVA6WWSNY8XYBl+BqAL0gTF0fzw7eovQQG+hNA=''. It will be ignored. |
| CONSOLE MESSAGE: line 5: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. |
| CONSOLE MESSAGE: line 5: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. |
| CONSOLE MESSAGE: line 5: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. |
| CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-/Vet2Rva6wwsny8xybL+=bQal0Gtf0FZW7EOVqqg+Hna=''. It will be ignored. |
| CONSOLE MESSAGE: line 5: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. |
| CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-/vET2rVA6WWSNY8XYBl+BqAL0gTF0fzw7eovQQG+hNA==''. It will be ignored. |
| CONSOLE MESSAGE: line 5: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. |
| CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-/vET2rVA6WWSNY8XYBl+BqAL0gTF0fzw7eovQQG+hNA===''. It will be ignored. |
| CONSOLE MESSAGE: line 5: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. |
| CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-'. It will be ignored. |
| CONSOLE MESSAGE: line 5: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. |
| CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-''. It will be ignored. |
| CONSOLE MESSAGE: line 5: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. |
| CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-#''. It will be ignored. |
| CONSOLE MESSAGE: line 5: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. |
| CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-abc&=''. It will be ignored. |
| CONSOLE MESSAGE: line 5: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. |
| CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-abc&==''. It will be ignored. |
| CONSOLE MESSAGE: line 5: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. |
| CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains an invalid source: ''sha256-LyogVGhpcyBpcyBhIGxvbmcgY29tbWVudCB0aGF0IHdpbGwgYmUgZW5jb2RlZCB1c2luZyBCYXNlNjQgdG8gcHJvZHVjZSBhbiBlbmNvZGVkIHN0cmluZyBvdXRwdXQgdGhhdCBpcyBsb25nZXIgdGhhbiBhIFNlY3VyZSBIYXNoIEFsZ29yaXRobS01MTIgZGlnZXN0LiAqLw==''. It will be ignored. |
| CONSOLE MESSAGE: line 5: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. |
| This tests that script hashes work and conform to the Content Security Policy 2.0 specification. |
| |
| On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". |
| |
| |
| PASS "Base64 encoded SHA-256 hash" did run inline script. |
| PASS "Base64 encoded SHA-256 hash with mixed case prefix" did run inline script. |
| PASS "Base64url encoded SHA-256 hash" did run inline script. |
| PASS "Base64 encoded SHA-384 hash" did run inline script. |
| PASS "Base64url encoded SHA-384 hash" did run inline script. |
| PASS "Base64 encoded SHA-512 hash" did run inline script. |
| PASS "Base64url encoded SHA-512 hash" did run inline script. |
| PASS "Script that contains HTML entity >" did run inline script. |
| PASS "Script that contains Unicode code point U+00C5" did run inline script. |
| PASS "Unicode code point U+00C5 is not equivalent to U+212B" did not run inline script. |
| PASS "Unicode code point U+212B is equivalent to U+00C5" did run inline script. |
| PASS "Big-5 page with Big-5 hash" did run inline script. |
| PASS "Big-5 page with UTF-8 hash" did not run inline script. |
| PASS "Hash source with invalid prefix" did not run inline script. |
| PASS "Invalid prefix" did not run inline script. |
| PASS "Invalid hash and no prefix" did not run inline script. |
| PASS "Hash without prefix" did not run inline script. |
| PASS "SHA-256 hash with SHA-384 prefix" did not run inline script. |
| PASS "SHA-256 hash with SHA-512 prefix" did not run inline script. |
| PASS "Malformed SHA-256 hash (equal sign in disallowed position)" did not run inline script. |
| PASS "SHA-256 hash with one extraneous equal sign" did not run inline script. |
| PASS "SHA-256 hash with two extraneous equal signs" did not run inline script. |
| PASS "Malformed hash source" did not run inline script. |
| PASS "Hash source without hash" did not run inline script. |
| PASS "Hash source without invalid hash" did not run inline script. |
| PASS "Hash source without invalid hash2" did not run inline script. |
| PASS "Hash source without invalid hash3" did not run inline script. |
| PASS "Hash that is larger that 64 bytes" did not run inline script. |
| PASS successfullyParsed is true |
| |
| TEST COMPLETE |
| |