Codebase Browser
chromium
Go to App

chromium/third_party/blink/web_tests/http/tests/security/contentTypeOptions/invalid-content-type-options-allowed.html 

<!DOCTYPE html>
<html>
<head>
    <title>'X-Content-Type-Options: nosniff;' blocks scripts!</title>
<body>
    <script src="/js-test-resources/js-test.js"></script>
    <script>
        description('Check that script sent with an invalid \'X-Content-Type-Options: nosniff\' header is correctly allowed, even if the MIME type isn\'t scripty.');
        window.jsTestIsAsync = true;

        var unscriptyMimeTypes = [
            'application/json',
            'text/html',
            'text/vbs',
            'text/vbscript',
            'text/x-javascript',
        ];

        window.scriptsSuccessfullyLoaded = 0;

        for (var i = 0; i < unscriptyMimeTypes.length; i++) {
            document.write('<script src="./resources/script-with-header.pl?mime=' + unscriptyMimeTypes[i] + '&amp;options=invalid"><' + '/script>');
        }

        window.onload = function () {
            shouldBe('window.scriptsSuccessfullyLoaded', 'unscriptyMimeTypes.length');
            finishJSTest();
        };
    </script>
</body>
</html>