source-list-parsing-paths-02.html | Explore in Territory

<!DOCTYPE html>
<html>
<head>
<script src='resources/multiple-iframe-test.js'></script>
<script>
var tests = [
    ['yes', 'script-src 127.0.0.1:*/security/#query=string', 'resources/script.js'],
    ['yes', 'script-src 127.0.0.1:*/security/?query=string', 'resources/script.js'],
    ['no', 'script-src 127.0.0.1:*/not-security/#query=string', 'resources/script.js'],
    ['no', 'script-src 127.0.0.1:*/not-security/?query=string', 'resources/script.js'],
    ['no', 'script-src 127.0.0.1:*/security', 'resources/script.js'],
    ['yes', 'script-src 127.0.0.1:*/security/', 'resources/script.js'],
    ['yes', 'script-src 127.0.0.1:*/security/contentSecurityPolicy/resources/script.js', 'resources/script.js'],
    ['no', 'script-src 127.0.0.1:*/security/contentSecurityPolicy/resources/script.js/', 'resources/script.js']
];
</script>
</head>
<body onload="test()">
  <p>
    Resources should be rejected unless they match a whitelisted path.
  </p>

chromium/third_party/blink/web_tests/http/tests/security/contentSecurityPolicy/source-list-parsing-paths-02.html