LayoutTests/http/tests/security/contentSecurityPolicy/module-eval-blocked.html

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline'">
<script>
if (window.testRunner) {
    testRunner.dumpAsText();
    testRunner.waitUntilDone();
}

var dummy = 79;
</script>
</head>
<body>
<!-- eval() string literal "alert()" -->
<script type="module">eval("alert('FAIL')")</script>
<script type="module">window.eval("alert('FAIL')")</script>
<!-- eval() non-string literal (should be allowed) -->
<script type="module">eval(0)</script>
<script type="module">window.eval(0)</script>
<script type="module">eval(1)</script>
<script type="module">window.eval(1)</script>
<script type="module">eval(7)</script>
<script type="module">window.eval(7)</script>
<script type="module">eval(3.14)</script>
<script type="module">window.eval(3.14)</script>
<script type="module">eval(true)</script>
<script type="module">window.eval(true)</script>
<script type="module">eval(false)</script>
<script type="module">window.eval(false)</script>
<script type="module">eval(Function)</script>
<script type="module">window.eval(Function)</script>
<!-- eval() string literal -->
<script type="module">eval("")</script>
<script type="module">window.eval("")</script>
<script type="module">eval("0")</script>
<script type="module">window.eval("0")</script>
<script type="module">eval("1")</script>
<script type="module">window.eval("1")</script>
<script type="module">eval("2.73")</script>
<script type="module">window.eval("2.73")</script>
<script type="module">eval("true")</script>
<script type="module">window.eval("true")</script>
<script type="module">eval("false")</script>
<script type="module">window.eval("false")</script>
<script type="module">eval("Object")</script>
<script type="module">window.eval("Object")</script>
<script type="module">eval("dummy")</script>
<script type="module">window.eval("dummy")</script>
<script type="module">
if (window.testRunner)
    testRunner.notifyDone();
</script>
</body>
</html>