dom/security/test/csp/file_bug888172.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

<!doctype html>
<html>
  <body>
    <ol>
      <li id="unsafe-inline-script">Inline script (green if allowed, black if blocked)</li>
      <li id="unsafe-eval-script">Eval script (green if allowed, black if blocked)</li>
      <li id="unsafe-inline-style">Inline style (green if allowed, black if blocked)</li>
    </ol>

    <script>
      // Use inline script to set a style attribute
    document.getElementById("unsafe-inline-script").style.color = "green";

    // Use eval to set a style attribute
    // try/catch is used because CSP causes eval to throw an exception when it
    // is blocked, which would derail the rest of the tests  in this file.
    try {
      // eslint-disable-next-line no-eval
      eval('document.getElementById("unsafe-eval-script").style.color = "green";');
    } catch (e) {}
    </script>

    <style>
      li#unsafe-inline-style {
        color: green;
      }
    </style>
  </body>
</html>