dbates@webkit.org | 0f63e42 | 2019-06-11 20:14:40 +0000 | [diff] [blame^] | 1 | <!DOCTYPE html> |
| 2 | <html> |
| 3 | |
| 4 | <head> |
| 5 | <meta http-equiv="Content-Security-Policy" content="script-src 'strict-dynamic' 'nonce-abc'; |
| 6 | script-src-elem 'nonce-abc';"> |
| 7 | <script nonce='abc' src="/resources/testharness.js"></script> |
| 8 | <script nonce='abc' src="/resources/testharnessreport.js"></script> |
| 9 | </head> |
| 10 | |
| 11 | <body> |
| 12 | <script nonce='abc'> |
| 13 | var t = async_test("Should fire a security policy violation event"); |
| 14 | window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) { |
| 15 | assert_equals(e.violatedDirective, "script-src-elem"); |
| 16 | assert_equals(e.blockedURI, "{{location[scheme]}}://{{location[host]}}/content-security-policy/script-src-attr-elem/support/t_fail.js"); |
| 17 | })); |
| 18 | |
| 19 | var s = document.createElement('script'); |
| 20 | s.src = 'support/t_fail.js'; |
| 21 | document.head.appendChild(s); |
| 22 | </script> |
| 23 | </body> |
| 24 | |
| 25 | </html> |