diff options
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html')
-rw-r--r-- | testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html b/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html new file mode 100644 index 0000000000..784cdc8875 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/generic/cspro-not-enforced-in-worker.html @@ -0,0 +1,22 @@ +<!DOCTYPE HTML> +<html> +<head> + <script src='/resources/testharness.js'></script> + <script src='/resources/testharnessreport.js'></script> +</head> +<body> + <!-- This tests that a report only policy is not treated as enforcing when + inherited by a worker. This manifests in particular for `unsafe-eval` + in this bug crbug.com/777076 --> + <script nonce="abc"> + var t1 = async_test("Check that inline is allowed since the inherited policy is report only"); + var t2 = async_test("Check that eval is allowed since the inherited policy is report only"); + + var w = new Worker("support/eval.js"); + w.onmessage = function(e) { + if (e.data == "unsafe-inline allowed") t1.done(); + else if (e.data == "unsafe-eval allowed") t2.done(); + } + </script> +</body> +</html> |