content/base/test/csp/file_CSP_bug885433_blocks.html@deefc01c0e14
content/base/test/csp/file_CSP_bug885433_blocks.html
Thu, 15 Jan 2015 21:03:48 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 15 Jan 2015 21:03:48 +0100
- branch
- TOR_BUG_9701
- changeset 11
- deefc01c0e14
- permissions
- -rw-r--r--
Integrate friendly tips from Tor colleagues to make (or not) 4.5 alpha 3;
This includes removal of overloaded (but unused) methods, and addition of
a overlooked call to DataStruct::SetData(nsISupports, uint32_t, bool.)
1 <!doctype html>
2 <!--
3 The Content-Security-Policy header for this file is:
5 Content-Security-Policy: default-src 'self';
7 The Content-Security-Policy header for this file includes the default-src
8 directive, which triggers the default behavior of blocking unsafe-inline and
9 unsafe-eval on scripts, and unsafe-inline on styles.
10 -->
11 <html>
12 <body>
13 <ol>
14 <li id="unsafe-inline-script-blocked">Inline script blocked (this text should be black)</li>
15 <li id="unsafe-eval-script-blocked">Eval script blocked (this text should be black)</li>
16 <li id="unsafe-inline-style-blocked">Inline style blocked (this text should be black)</li>
17 </ol>
19 <script>
20 // Use inline script to set a style attribute
21 document.getElementById("unsafe-inline-script-blocked").style.color = "green";
23 // Use eval to set a style attribute
24 // try/catch is used because CSP causes eval to throw an exception when it
25 // is blocked, which would derail the rest of the tests in this file.
26 try {
27 eval('document.getElementById("unsafe-eval-script-blocked").style.color = "green";');
28 } catch (e) {}
29 </script>
31 <style>
32 li#unsafe-inline-style-blocked {
33 color: green;
34 }
35 </style>
36 </body>
37 </html>
