content/base/test/csp/file_CSP_inlinescript_main.html@deefc01c0e14 (annotated)
content/base/test/csp/file_CSP_inlinescript_main.html
Thu, 15 Jan 2015 21:03:48 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 15 Jan 2015 21:03:48 +0100
- branch
- TOR_BUG_9701
- changeset 11
- deefc01c0e14
- permissions
- -rw-r--r--
Integrate friendly tips from Tor colleagues to make (or not) 4.5 alpha 3;
This includes removal of overloaded (but unused) methods, and addition of
a overlooked call to DataStruct::SetData(nsISupports, uint32_t, bool.)
| michael@0 | 1 | <!-- |
| michael@0 | 2 | -- The original CSP implementation predates the CSP 1.0 spec and didn't |
| michael@0 | 3 | -- block inline styles, so when the prefixed X-Content-Security-Policy header is used, |
| michael@0 | 4 | -- as it is for this file, inline styles should be allowed. |
| michael@0 | 5 | --> |
| michael@0 | 6 | <html> |
| michael@0 | 7 | <head> |
| michael@0 | 8 | <title>CSP inline script tests</title> |
| michael@0 | 9 | </head> |
| michael@0 | 10 | <body onload="window.parent.scriptRan(false, 'eventattr', 'event attribute in body tag fired')"> |
| michael@0 | 11 | |
| michael@0 | 12 | <script type="text/javascript"> |
| michael@0 | 13 | window.parent.scriptRan(false, "textnode", "text node in a script tag executed."); |
| michael@0 | 14 | </script> |
| michael@0 | 15 | |
| michael@0 | 16 | <iframe src='javascript:window.parent.parent.scriptRan(false, "jsuri", "javascript: uri in image tag")'></iframe> |
| michael@0 | 17 | |
| michael@0 | 18 | <a id='anchortoclick' href='javascript:window.parent.scriptRan(false, "jsuri", "javascript: uri in anchor tag ran when clicked.");'>stuff</a> |
| michael@0 | 19 | </body> |
| michael@0 | 20 | </html> |
