| <!DOCTYPE html> |
| <html> |
| <head> |
| <meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline'"> |
| <script> |
| if (window.testRunner) { |
| testRunner.dumpAsText(); |
| testRunner.waitUntilDone(); |
| } |
| </script> |
| </head> |
| <body> |
| <p>Tests that a external JavaScript script, in a user agent shadow tree, is allowed to load when the page has CSP policy: <code>script-src 'unsafe-inline'</code>.</p> |
| <div id="shadow-host"></div> |
| <script> |
| function runTest() |
| { |
| if (!window.testRunner || !window.internals) |
| return; |
| |
| var userAgentShadowRoot = internals.ensureUserAgentShadowRoot(document.getElementById("shadow-host")); |
| var script = document.createElement("script"); |
| userAgentShadowRoot.appendChild(script); |
| |
| script.onerror = function () { |
| alert("FAIL script did not load."); |
| testRunner.notifyDone(); |
| } |
| script.src = "http://localhost:8000/security/contentSecurityPolicy/resources/alert-pass-and-notify-done.js"; |
| } |
| |
| runTest(); |
| </script> |
| </body> |
| </html> |
