tenfourfox/dom/security/test/csp/file_bug888172.html
Cameron Kaiser c9b2922b70 hello FPR
2017-04-19 00:56:45 -07:00

29 lines
890 B
HTML

<!doctype html>
<html>
<body>
<ol>
<li id="unsafe-inline-script">Inline script (green if allowed, black if blocked)</li>
<li id="unsafe-eval-script">Eval script (green if allowed, black if blocked)</li>
<li id="unsafe-inline-style">Inline style (green if allowed, black if blocked)</li>
</ol>
<script>
// Use inline script to set a style attribute
document.getElementById("unsafe-inline-script").style.color = "green";
// Use eval to set a style attribute
// try/catch is used because CSP causes eval to throw an exception when it
// is blocked, which would derail the rest of the tests in this file.
try {
eval('document.getElementById("unsafe-eval-script").style.color = "green";');
} catch (e) {}
</script>
<style>
li#unsafe-inline-style {
color: green;
}
</style>
</body>
</html>