chromium/third_party/blink/web_tests/external/wpt/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html

<!doctype html>
<meta charset=utf-8>
<meta http-equiv="Content-Security-Policy" content="font-src 'none'">
<head>
  <title>Test font does not load if it does not match font-src.</title>
  <script src='/resources/testharness.js'></script>
  <script src='/resources/testharnessreport.js'></script>
</head>
<body>
  <div id="log"></div>
  <script>
    async_test(function(t) {
      var link = document.createElement('link');
      link.rel="stylesheet";
      link.type="text/css";
      link.href="/content-security-policy/support/fonts.css";
      // The stylesheet should stil load, even though the font contained does not
      link.onerror = t.unreached_func("Should have loaded the stylesheet.");
      document.addEventListener("securitypolicyviolation", t.step_func_done(function(e) {
        assert_equals(e.violatedDirective, "font-src");
      }));
      document.getElementsByTagName('head')[0].appendChild(link);
    }, "Test font does not load if it does not match font-src.");
  </script>
</body>