Codebase Browser
chromium
Go to App

chromium/third_party/blink/web_tests/http/tests/security/contentTypeOptions/block-text-as-script.html 

<!DOCTYPE html>
<head>
    <title>Block 'text/csv' when served as script.</title>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <script>
      window.scriptsSuccessfullyLoaded = 0;
    </script>
</head>
<body>
    <script src="resources/script-with-header.pl?mime=text/csv&amp;options=invalid"></script>
    <script>
      test(function () {
        assert_equals(window.scriptsSuccessfullyLoaded, 0);
      }, "text/csv scripts should be blocked.");
    </script>
    <script src="resources/script-with-header.pl?mime=text/html&amp;options=invalid"></script>
    <script src="resources/script-with-header.pl?mime=text/plain&amp;options=invalid"></script>
    <script>
      test(function () {
        assert_equals(window.scriptsSuccessfullyLoaded, 2);
      }, "text/[not-csv] scripts should not be blocked.");
    </script>
</body>
</html>