content/base/test/csp/file_CSP_bug888172.html@deefc01c0e14
content/base/test/csp/file_CSP_bug888172.html
Thu, 15 Jan 2015 21:03:48 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 15 Jan 2015 21:03:48 +0100
- branch
- TOR_BUG_9701
- changeset 11
- deefc01c0e14
- permissions
- -rw-r--r--
Integrate friendly tips from Tor colleagues to make (or not) 4.5 alpha 3;
This includes removal of overloaded (but unused) methods, and addition of
a overlooked call to DataStruct::SetData(nsISupports, uint32_t, bool.)
1 <!doctype html>
2 <html>
3 <body>
4 <ol>
5 <li id="unsafe-inline-script">Inline script (green if allowed, black if blocked)</li>
6 <li id="unsafe-eval-script">Eval script (green if allowed, black if blocked)</li>
7 <li id="unsafe-inline-style">Inline style (green if allowed, black if blocked)</li>
8 </ol>
10 <script>
11 // Use inline script to set a style attribute
12 document.getElementById("unsafe-inline-script").style.color = "green";
14 // Use eval to set a style attribute
15 // try/catch is used because CSP causes eval to throw an exception when it
16 // is blocked, which would derail the rest of the tests in this file.
17 try {
18 eval('document.getElementById("unsafe-eval-script").style.color = "green";');
19 } catch (e) {}
20 </script>
22 <style>
23 li#unsafe-inline-style {
24 color: green;
25 }
26 </style>
27 </body>
28 </html>
