<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-hashes' 'nonce-abc' 'sha256-wmuLCpoj8EMqfQlPnt5NIMgKkCK62CxAkAiewI0zZps='; img-src *;">
<title>Event handlers should be allowed if a matching hash and 'unsafe-hashes' are present</title>
<script src='/resources/testharness.js' nonce='abc'></script>
<script src='/resources/testharnessreport.js' nonce='abc'></script>
</head>
<body>
<div id='log'></div>
<script nonce='abc'>
var t1 = async_test("Test that the inline event handler is allowed to run");
window.addEventListener('securitypolicyviolation', t1.unreached_func("Should have not raised any event"));
</script>
<img src='../support/pass.png'
onload='t1.done();'>
</body>
</html>
Codebase Browser
chromium