scriptnonce-invalidnonce.html | Explore in Territory

<!DOCTYPE html>
<html>
<head>
<script src='../resources/multiple-iframe-test.js'></script>
<script>
var tests = [
    ['no', 'script-src \'n', 'resources/script.js', ''],
    ['no', 'script-src \'nonce', 'resources/script.js', ''],
    ['no', 'script-src \'nonce-\'', 'resources/script.js', ''],
    ['no', 'script-src \'nonce-', 'resources/script.js', ''],
    ['no', 'script-src nonce-abcd', 'resources/script.js', ''],
    ['no', 'script-src \'nonce- \'', 'resources/script.js', ''],
    ['no', 'script-src \'nonce-     \'', 'resources/script.js', ''],
    ['no', 'script-src \'nonce- nonces have no spaces\'', 'resources/script.js', ''],
    ['no', 'script-src \'nonce-{}\'', 'resources/script.js', '{}'],
    ['no', 'script-src \'nonce-/\\\'', 'resources/script.js', '/\\'],
];
</script>
</head>
<body onload="testExperimentalPolicy()">
  <p>
      None of these scripts should execute, as all the nonces are invalid.
  </p>

chromium/third_party/blink/web_tests/http/tests/security/contentSecurityPolicy/nonces/scriptnonce-invalidnonce.html