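<!DOCTYPE HTML>
<html>
<head>
  <title>Bug 1299483 - CSP: Implement 'strict-dynamic'</title>
</head>
<body>
<div id="testdiv">blocked</div>
<script nonce="foo">
  // The div keeps its initial text "blocked" unless this nonce'd script runs
  // and its eval() call is permitted, in which case the text becomes "allowed".
  eval('document.getElementById("testdiv").innerHTML = "allowed";');
</script>
</body>
</html>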