1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/content/base/test/csp/file_CSP_bug888172.html Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,28 @@
1.4 +<!doctype html>
1.5 +<html>
1.6 + <body>
1.7 + <ol>
1.8 + <li id="unsafe-inline-script">Inline script (green if allowed, black if blocked)</li>
1.9 + <li id="unsafe-eval-script">Eval script (green if allowed, black if blocked)</li>
1.10 + <li id="unsafe-inline-style">Inline style (green if allowed, black if blocked)</li>
1.11 + </ol>
1.12 +
1.13 + <script>
1.14 + // Use inline script to set a style attribute
1.15 + document.getElementById("unsafe-inline-script").style.color = "green";
1.16 +
1.17 + // Use eval to set a style attribute
1.18 + // try/catch is used because CSP causes eval to throw an exception when it
1.19 + // is blocked, which would derail the rest of the tests in this file.
1.20 + try {
1.21 + eval('document.getElementById("unsafe-eval-script").style.color = "green";');
1.22 + } catch (e) {}
1.23 + </script>
1.24 +
1.25 + <style>
1.26 + li#unsafe-inline-style {
1.27 + color: green;
1.28 + }
1.29 + </style>
1.30 + </body>
1.31 +</html>
