diff options
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_hashes.html')
-rw-r--r-- | testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_hashes.html | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_hashes.html b/testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_hashes.html index e4ce1e5944..02c5c9642b 100644 --- a/testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_hashes.html +++ b/testing/web-platform/tests/content-security-policy/script-src/script-src-strict_dynamic_hashes.html @@ -6,7 +6,7 @@ <script src='/resources/testharness.js' nonce='dummy'></script> <script src='/resources/testharnessreport.js' nonce='dummy'></script> - <!-- CSP served: script-src 'strict-dynamic' 'nonce-dummy' 'sha256-yU6Q7nD1TCBB9JvY06iIJ8ONLOPU4g8ml5JCDgXkv+M=' 'sha256-EEoi70frWHkGFhK51NVIJkXpq72aPxSCNZEow37ZmRA=' --> + <!-- CSP served: script-src 'strict-dynamic' 'nonce-dummy' 'sha256-yU6Q7nD1TCBB9JvY06iIJ8ONLOPU4g8ml5JCDgXkv+M=' 'sha256-EEoi70frWHkGFhK51NVIJkXpq72aPxSCNZEow37ZmRA=' 'sha256-wIc3KtqOuTFEu6t17sIBuOswgkV406VJvhSk79Gw6U0=' --> </head> <body> @@ -47,6 +47,17 @@ document.body.appendChild(e); }, 'Script injected via `appendChild` from a script matching SHA256 hash is allowed with `strict-dynamic`.'); </script> + + <script nonce='dummy'> + var externalRan = false; + </script> + <script src='./externalScript.js' + integrity="sha256-wIc3KtqOuTFEu6t17sIBuOswgkV406VJvhSk79Gw6U0="></script> + <script nonce='dummy'> + test(function(t) { + assert_true(externalRan); + }, "External script in a script tag with matching SRI hash is allowed with `strict-dynamic`."); + </script> </body> </html> |