content/base/test/csp/file_CSP_inlinescript_main.html@129ffea94266
content/base/test/csp/file_CSP_inlinescript_main.html
Sat, 03 Jan 2015 20:18:00 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Sat, 03 Jan 2015 20:18:00 +0100
- branch
- TOR_BUG_3246
- changeset 7
- 129ffea94266
- permissions
- -rw-r--r--
Conditionally enable double key logic according to:
private browsing mode or privacy.thirdparty.isolate preference and
implement in GetCookieStringCommon and FindCookie where it counts...
With some reservations of how to convince FindCookie users to test
condition and pass a nullptr when disabling double key logic.
1 <!--
2 -- The original CSP implementation predates the CSP 1.0 spec and didn't
3 -- block inline styles, so when the prefixed X-Content-Security-Policy header is used,
4 -- as it is for this file, inline styles should be allowed.
5 -->
6 <html>
7 <head>
8 <title>CSP inline script tests</title>
9 </head>
10 <body onload="window.parent.scriptRan(false, 'eventattr', 'event attribute in body tag fired')">
12 <script type="text/javascript">
13 window.parent.scriptRan(false, "textnode", "text node in a script tag executed.");
14 </script>
16 <iframe src='javascript:window.parent.parent.scriptRan(false, "jsuri", "javascript: uri in image tag")'></iframe>
18 <a id='anchortoclick' href='javascript:window.parent.scriptRan(false, "jsuri", "javascript: uri in anchor tag ran when clicked.");'>stuff</a>
19 </body>
20 </html>
