author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
commit | 26a029d407be480d791972afb5975cf62c9360a6 (patch) | |
tree | f435a8308119effd964b339f76abb83a57c29483 /dom/security/test/csp/test_evalscript_allowed_by_strict_dynamic.html | |
parent | Initial commit. (diff) | |
download | firefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz firefox-26a029d407be480d791972afb5975cf62c9360a6.zip |
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security/test/csp/test_evalscript_allowed_by_strict_dynamic.html')
-rw-r--r-- | dom/security/test/csp/test_evalscript_allowed_by_strict_dynamic.html | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/dom/security/test/csp/test_evalscript_allowed_by_strict_dynamic.html b/dom/security/test/csp/test_evalscript_allowed_by_strict_dynamic.html
new file mode 100644
index 0000000000..9b06bdaf82
--- /dev/null
+++ b/dom/security/test/csp/test_evalscript_allowed_by_strict_dynamic.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta charset="utf-8">
+ <meta http-equiv="Content-Security-Policy"
+ content="script-src 'nonce-foobar' 'strict-dynamic' 'unsafe-eval'">
+ <title>Bug 1439330 - CSP: eval is not blocked if 'strict-dynamic' is enabled
+ </title>
+ <script nonce="foobar" type="application/javascript" src="/tests/SimpleTest/SimpleTest.js">
+ </script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<script nonce="foobar">
+
+/* Description of the test:
+ * We apply the script-src 'nonce-foobar' 'strict-dynamic' 'unsafe-eval' CSP and
+ * check if the eval function is allowed correctly by the CSP.
+ */
+
+SimpleTest.waitForExplicitFinish();
+
+// start the test
+try {
+ // eslint-disable-next-line no-eval
+ eval("1");
+ ok(true, "eval allowed by CSP");
+}
+catch (ex) {
+ ok(false, "eval should be allowed by CSP");
+}
+
+SimpleTest.finish();
+
+</script>
+</body>
+</html> |
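Review bot: The single `eval("1")` assertion under `script-src 'nonce-foobar' 'strict-dynamic' 'unsafe-eval'` passes both when eval is permitted by 'unsafe-eval' and when 'strict-dynamic' causes the eval check to be skipped, so on its own this file cannot detect the behaviour named in the title (Bug 1439330). It depends on a companion case with the same policy minus 'unsafe-eval' that expects the call to throw. That file is not visible here, so the description comment should name it, for example `* 'strict-dynamic' alone must not permit eval; the blocked case is covered in <companion test>.` The catch block also discards the exception, and `ok(false, "eval should be allowed by CSP: " + ex);` would make a failure diagnosable from the test log.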