| <!DOCTYPE html> |
| <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abc' blob:"> |
| <script nonce="abc" src="/resources/testharness.js"></script> |
| <script nonce="abc" src="/resources/testharnessreport.js"></script> |
| <script nonce="abc"> |
| async_test(t => { |
| var watcher = new EventWatcher(t, document, 'securitypolicyviolation'); |
| watcher.wait_for('securitypolicyviolation').then(t.step_func_done(e => { |
| assert_equals(e.blockedURI, "eval"); |
| assert_equals(e.sourceFile, "blob"); |
| assert_equals(e.lineNumber, 3); |
| assert_equals(e.columnNumber, 16); |
| })); |
| |
| var scriptText = ` |
| try { |
| eval("assert_unreached('no eval')"); |
| } catch (e) { |
| assert_equals(e.name, 'EvalError'); |
| } |
| `; |
| var s = document.createElement("script"); |
| s.src = URL.createObjectURL(new Blob([scriptText], {type: "text/javascript"})); |
| document.head.append(s); |
| }, "Violations from data:-URL scripts have a sourceFile of 'blob'"); |
| </script> |