<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-noncynonce' 'nonce-noncy+/=' 'unsafe-inline'">
<script nonce="noncynonce">
if (window.testRunner)
testRunner.dumpAsText();
</script>
<script nonce="noncynonce">
alert('PASS (1/2)');
</script>
<script nonce="noncy+/=">
alert('PASS (2/2)');
</script>
<script>
alert('FAIL (1/1)');
</script>
</head>
<body>
<p>
This tests that a valid nonce disables inline JavaScript, even if 'unsafe-inline' is present.
</p>
</body>
</html>
Codebase Browser
chromium