dom/security/test/csp/file_strict_dynamic_non_parser_inserted.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

<!DOCTYPE HTML>
<html>
<head>
  <title>Bug 1299483 - CSP: Implement 'strict-dynamic'</title>
</head>
<body>
<div id="testdiv">blocked</div>

<script nonce="foo">
  // generates a *non* parser inserted script and should be allowed
  var myScript = document.createElement('script');
  myScript.src = 'http://example.com/tests/dom/security/test/csp/file_strict_dynamic.js';
  document.head.appendChild(myScript);
</script>

</body>
</html>