diff options
Diffstat (limited to '')
2 files changed, 21 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/script-src/eval-allowed-in-report-only-mode-and-sends-report.html b/testing/web-platform/tests/content-security-policy/script-src/eval-allowed-in-report-only-mode-and-sends-report.html new file mode 100644 index 0000000000..6ee3785dc8 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/script-src/eval-allowed-in-report-only-mode-and-sends-report.html @@ -0,0 +1,19 @@ +<html> +<head> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- Content-Security-Policy-Report-Only: script-src 'unsafe-inline'; report-uri /reporting/resources/report.py?op=put&reportID={{$id}} --> +</head> +<body> + <script> + var t = async_test("Eval is allowed because the CSP is report-only"); + try { + eval("t.done()"); + } catch { + t.step(function() { assert_true(false, "The eval should have execute succesfully"); }) + } + </script> + + <script async defer src="../support/checkReport.sub.js?reportField=blocked-uri&reportValue=eval"></script> +</body> +</html> diff --git a/testing/web-platform/tests/content-security-policy/script-src/eval-allowed-in-report-only-mode-and-sends-report.html.sub.headers b/testing/web-platform/tests/content-security-policy/script-src/eval-allowed-in-report-only-mode-and-sends-report.html.sub.headers new file mode 100644 index 0000000000..09d8adec37 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/script-src/eval-allowed-in-report-only-mode-and-sends-report.html.sub.headers @@ -0,0 +1,2 @@ +Set-Cookie: eval-allowed-in-report-only-mode-and-sends-report={{$id:uuid()}}; Path=/content-security-policy/script-src +Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'self'; report-uri /reporting/resources/report.py?op=put&reportID={{$id}} |