nosniff-script-blocked.html | Explore in Territory

<!DOCTYPE html>
<html>
<head>
    <title>'X-Content-Type-Options: nosniff;' blocks scripts!</title>
<body>
    <script src="/js-test-resources/js-test.js"></script>
    <script>
        description('Check that script sent with an \'X-Content-Type-Options: nosniff\' header is correctly blocked if the MIME type isn\'t scripty.');
        window.jsTestIsAsync = true;

        var unscriptyMimeTypes = [
            'application/json',
            'image/png',
            'text/html',
            'text/vbs',
            'text/vbscript',
        ];

        window.scriptsSuccessfullyLoaded = 0;

        for (var i = 0; i < unscriptyMimeTypes.length; i++) {
            document.write('<script src="./resources/script-with-header.pl?mime=' + unscriptyMimeTypes[i] + '"><' + '/script>');
        }

        window.onload = function () {
            shouldBe('window.scriptsSuccessfullyLoaded', '0');
            finishJSTest();
        };
    </script>
</body>
</html>

chromium/third_party/blink/web_tests/http/tests/security/contentTypeOptions/nosniff-script-blocked.html