content/base/test/csp/file_CSP_bug888172.html@6474c204b198
content/base/test/csp/file_CSP_bug888172.html
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
1 <!doctype html>
2 <html>
3 <body>
4 <ol>
5 <li id="unsafe-inline-script">Inline script (green if allowed, black if blocked)</li>
6 <li id="unsafe-eval-script">Eval script (green if allowed, black if blocked)</li>
7 <li id="unsafe-inline-style">Inline style (green if allowed, black if blocked)</li>
8 </ol>
10 <script>
11 // Use inline script to set a style attribute
12 document.getElementById("unsafe-inline-script").style.color = "green";
14 // Use eval to set a style attribute
15 // try/catch is used because CSP causes eval to throw an exception when it
16 // is blocked, which would derail the rest of the tests in this file.
17 try {
18 eval('document.getElementById("unsafe-eval-script").style.color = "green";');
19 } catch (e) {}
20 </script>
22 <style>
23 li#unsafe-inline-style {
24 color: green;
25 }
26 </style>
27 </body>
28 </html>
