<!DOCTYPE html>
<html>
<head>
<script nonce="abc" src="/resources/testharness.js"></script>
<script nonce="abc" src="/resources/testharnessreport.js"></script>
</head>
<body>
<script nonce='abc'>
var blob_string = "<script>alert(document.domain)<\/scr"+"ipt>";
var blob = new Blob([blob_string], {type : 'text/html'});
var url = URL.createObjectURL(blob);
var i = document.createElement('iframe');
i.src = url;
i.sandbox = "allow-scripts";
document.body.appendChild(i);
</script>
<script nonce='abc' async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27nonce-abc%27'></script>
</body>
</html>
Codebase Browser
chromium