зеркало из https://github.com/mozilla/gecko-dev.git
30 строки
847 B
HTML
30 строки
847 B
HTML
<!DOCTYPE html>
|
|
<html>
|
|
|
|
<head>
|
|
<meta http-equiv="Content-Security-Policy" content="script-src-elem 'self' 'unsafe-inline';
|
|
script-src-attr 'none';">
|
|
<script src="/resources/testharness.js"></script>
|
|
<script src="/resources/testharnessreport.js"></script>
|
|
</head>
|
|
|
|
<body>
|
|
<script>
|
|
var t = async_test("Should fire a security policy violation for the attribute");
|
|
window.addEventListener('securitypolicyviolation', t.step_func_done(function(e) {
|
|
assert_equals(e.violatedDirective, 'script-src-attr');
|
|
assert_equals(e.blockedURI, 'inline');
|
|
}));
|
|
|
|
var t1 = async_test("Should execute the inline script block");
|
|
</script>
|
|
|
|
<script>
|
|
t1.done();
|
|
</script>
|
|
|
|
<img src="../support/pass.png" onload="t.unreached_func('should not have run this event handler')">
|
|
</body>
|
|
|
|
</html>
|