<!DOCTYPE html>
<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abc' blob:">
<script nonce="abc" src="/resources/testharness.js"></script>
<script nonce="abc" src="/resources/testharnessreport.js"></script>
<script nonce="abc">
async_test(t => {
var watcher = new EventWatcher(t, document, 'securitypolicyviolation');
watcher.wait_for('securitypolicyviolation').then(t.step_func_done(e => {
assert_equals(e.blockedURI, "eval");
assert_equals(e.sourceFile, "blob");
assert_equals(e.lineNumber, 3);
assert_equals(e.columnNumber, 17);
}));
var scriptText = `
try {
eval("assert_unreached('no eval')");
} catch (e) {
assert_equals(e.name, 'EvalError');
}
`;
var s = document.createElement("script");
s.src = URL.createObjectURL(new Blob([scriptText], {type: "text/javascript"}));
document.head.append(s);
}, "Violations from data:-URL scripts have a sourceFile of 'blob'");
</script>
Codebase Browser
chromium