The Tor Browser / file comparison
comparison: content/base/test/csp/file_CSP_bug888172.html
content/base/test/csp/file_CSP_bug888172.html
- changeset 0
- 6474c204b198
equal
deleted
inserted
replaced
| -1:000000000000 | 0:5d2e996b9987 |
|---|---|
| 1 <!doctype html> | |
| 2 <html> | |
| 3 <body> | |
| 4 <ol> | |
| 5 <li id="unsafe-inline-script">Inline script (green if allowed, black if blocked)</li> | |
| 6 <li id="unsafe-eval-script">Eval script (green if allowed, black if blocked)</li> | |
| 7 <li id="unsafe-inline-style">Inline style (green if allowed, black if blocked)</li> | |
| 8 </ol> | |
| 9 | |
| 10 <script> | |
| 11 // Use inline script to set a style attribute | |
| 12 document.getElementById("unsafe-inline-script").style.color = "green"; | |
| 13 | |
| 14 // Use eval to set a style attribute | |
| 15 // try/catch is used because CSP causes eval to throw an exception when it | |
| 16 // is blocked, which would derail the rest of the tests in this file. | |
| 17 try { | |
| 18 eval('document.getElementById("unsafe-eval-script").style.color = "green";'); | |
| 19 } catch (e) {} | |
| 20 </script> | |
| 21 | |
| 22 <style> | |
| 23 li#unsafe-inline-style { | |
| 24 color: green; | |
| 25 } | |
| 26 </style> | |
| 27 </body> | |
| 28 </html> |
