testing/web-platform/tests/content-security-policy/securitypolicyviolation/blockeduri-eval.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

<!doctype html>
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script>
    async_test(t => {
        var watcher = new EventWatcher(t, document, 'securitypolicyviolation');
        watcher.wait_for('securitypolicyviolation').then(t.step_func_done(e => {
            assert_equals(e.blockedURI, "eval");
            assert_equals(e.lineNumber, 15);
            assert_equals(e.columnNumber, 12);
        }));

        try {
            eval("assert_unreached('eval() should be blocked.");
        } catch (e) {
            assert_equals(e.name, 'EvalError');
        }
    }, "Eval violations have a blockedURI of 'eval'");
</script>