| <html> |
| <head> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <!-- Content-Security-Policy-Report-Only: script-src 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}} --> |
| </head> |
| <body> |
| <script> |
| var t = async_test("Eval is allowed because the CSP is report-only"); |
| try { |
| eval("t.done()"); |
| } catch { |
| t.step(function() { assert_true(false, "The eval should have execute succesfully"); }) |
| } |
| </script> |
| |
| <script async defer src="../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27unsafe-inline%27"></script> |
| </body> |
| </html> |