The Tor Browser / file comparison
comparison: content/base/test/csp/file_CSP_inlinescript_main.html
content/base/test/csp/file_CSP_inlinescript_main.html
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
equal
deleted
inserted
replaced
| -1:000000000000 | 0:5f6925c4c120 |
|---|---|
| 1 <!-- | |
| 2 -- The original CSP implementation predates the CSP 1.0 spec and didn't | |
| 3 -- block inline styles, so when the prefixed X-Content-Security-Policy header is used, | |
| 4 -- as it is for this file, inline styles should be allowed. | |
| 5 --> | |
| 6 <html> | |
| 7 <head> | |
| 8 <title>CSP inline script tests</title> | |
| 9 </head> | |
| 10 <body onload="window.parent.scriptRan(false, 'eventattr', 'event attribute in body tag fired')"> | |
| 11 | |
| 12 <script type="text/javascript"> | |
| 13 window.parent.scriptRan(false, "textnode", "text node in a script tag executed."); | |
| 14 </script> | |
| 15 | |
| 16 <iframe src='javascript:window.parent.parent.scriptRan(false, "jsuri", "javascript: uri in image tag")'></iframe> | |
| 17 | |
| 18 <a id='anchortoclick' href='javascript:window.parent.scriptRan(false, "jsuri", "javascript: uri in anchor tag ran when clicked.");'>stuff</a> | |
| 19 </body> | |
| 20 </html> |
