chromium/third_party/blink/web_tests/external/wpt/content-security-policy/meta/meta-modified.html

<!DOCTYPE html>
<html>

<head>
    <meta id="meta_csp" http-equiv="Content-Security-Policy" content="img-src 'none'">
    <title>meta-modified</title>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <script src='../support/logTest.sub.js?logs=["PASS", "PASS","TEST COMPLETE"]'></script>
</head>

<body>
<p>Test passes if the image is blocked both before and after policy modification.</p>

    <script>
    function testImgSrc() {
        var img = document.createElement('img');
        img.src = '../support/fail.png';
        img.onerror = function() {
            log("PASS");
        };
        img.onload = function() {
            log("FAIL");
        };
        document.body.appendChild(img);
    }
    testImgSrc();
    document.getElementById("meta_csp").setAttribute("content", "img-src *");
    testImgSrc();
    log("TEST COMPLETE");
    </script>
    <div id="log"></div>
</body>

</html>