23 lines
712 B
HTML
23 lines
712 B
HTML
<!DOCTYPE html>
|
|
<html>
|
|
|
|
<head>
|
|
<script nonce="abc" src="/resources/testharness.js"></script>
|
|
<script nonce="abc" src="/resources/testharnessreport.js"></script>
|
|
</head>
|
|
|
|
<body>
|
|
<script nonce='abc'>
|
|
var blob_string = "<script>alert(document.domain)<\/scr"+"ipt>";
|
|
var blob = new Blob([blob_string], {type : 'text/html'});
|
|
var url = URL.createObjectURL(blob);
|
|
|
|
var i = document.createElement('iframe');
|
|
i.src = url;
|
|
i.sandbox = "allow-scripts";
|
|
document.body.appendChild(i);
|
|
</script>
|
|
<script nonce='abc' async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27nonce-abc%27'></script>
|
|
</body>
|
|
|
|
</html>
|