diff options
Diffstat (limited to 'testing/web-platform/tests/content-security-policy/securitypolicyviolation/source-file-data-scheme.html')
-rw-r--r-- | testing/web-platform/tests/content-security-policy/securitypolicyviolation/source-file-data-scheme.html | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/securitypolicyviolation/source-file-data-scheme.html b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/source-file-data-scheme.html new file mode 100644 index 0000000000..06511571d4 --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/source-file-data-scheme.html @@ -0,0 +1,26 @@ +<!DOCTYPE html> +<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abc' data:"> +<script nonce="abc" src="/resources/testharness.js"></script> +<script nonce="abc" src="/resources/testharnessreport.js"></script> +<script nonce="abc"> + async_test(t => { + var watcher = new EventWatcher(t, document, 'securitypolicyviolation'); + watcher.wait_for('securitypolicyviolation').then(t.step_func_done(e => { + assert_equals(e.blockedURI, "eval"); + assert_equals(e.sourceFile, "data"); + assert_equals(e.lineNumber, 3); + assert_equals(e.columnNumber, 16); + })); + + var scriptText = ` + try { + eval("assert_unreached('no eval')"); + } catch (e) { + assert_equals(e.name, 'EvalError'); + } + `; + var s = document.createElement("script"); + s.src = "data:text/javascript," + encodeURIComponent(scriptText); + document.head.append(s); + }, "Violations from data:-URL scripts have a sourceFile of 'data'"); +</script> |