<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="script-src 'sha256-0WwzeJrO6lcDUe7o6BR3lx0b8uiBvXBX5MNFFKF7iYE=' 'unsafe-inline'">
<script>
if (window.testRunner)
testRunner.dumpAsText();
alert('PASS (1/1)');
</script>
<script>
alert('FAIL (1/1)');
</script>
</head>
<body>
<p>
This tests that a valid hash value disables inline JavaScript, even if 'unsafe-inline' is present.
</p>
</body>
</html>
Codebase Browser
chromium