testing/web-platform/tests/content-security-policy/blink-contrib/default-src-inline-blocked.sub.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

<!DOCTYPE html>
<html>

<head>
    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
    <title>default-src-inline-blocked</title>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <!-- enforcing policy:
default-src 'self'; connect-src 'self';
-->
</head>

<body>
    This test passes if the inline scripts don't create failing tests and a CSP report is sent.
    <script>
        test(function() {
            assert_unreached('FAIL inline script ran')
        });

    </script>
    <script src="resources/document-write-alert-fail.js"></script>
    <div id="log"></div>
    <script async defer src="../support/checkReport.sub.js?reportExists=true&amp;reportField=violated-directive&amp;reportValue=default-src%20&apos;self&apos;"></script>
</body>

</html>