Codebase Browser
chromium
Go to App

chromium/third_party/blink/web_tests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-script-expected.txt 

CONSOLE MESSAGE: Injecting in main world: this should fail.
CONSOLE ERROR: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-09Et/dqtUwF1zPoVDKo5ZDj2NUXqkLUxcQfh9UtQQt0='), or a nonce ('nonce-...') is required to enable inline execution.

CONSOLE ERROR: Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.

CONSOLE ERROR: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-/zNPOvYKSO49DBmlcgq0Kw1mbrAMhEU0Olki2JQCDME='), or a nonce ('nonce-...') is required to enable inline execution.

CONSOLE MESSAGE: Injecting into isolated world without bypass: this should fail.
CONSOLE ERROR: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-weyW8ZEkQAD8it2iIcRJESCAdVG/APiGxF6JYEqMvKo='), or a nonce ('nonce-...') is required to enable inline execution.

CONSOLE ERROR: Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.

CONSOLE ERROR: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-pB86azbmdo0Ymgsz9MvuZe0osiEViwXGte4Z0AtHPXs='), or a nonce ('nonce-...') is required to enable inline execution.

CONSOLE MESSAGE: Allowing unsafe-inline for the isolated world: this should pass!
CONSOLE MESSAGE: EXECUTED in isolated world.
CONSOLE ERROR: Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.

CONSOLE MESSAGE: Executed using document.write in isolated world. Is main world: true
CONSOLE MESSAGE: Disallowing unsafe-inline for the isolated world.
CONSOLE ERROR: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-weyW8ZEkQAD8it2iIcRJESCAdVG/APiGxF6JYEqMvKo='), or a nonce ('nonce-...') is required to enable inline execution.

CONSOLE ERROR: Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.

CONSOLE ERROR: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-pB86azbmdo0Ymgsz9MvuZe0osiEViwXGte4Z0AtHPXs='), or a nonce ('nonce-...') is required to enable inline execution.

CONSOLE MESSAGE: Using an empty CSP for the isolated world. This should pass.
CONSOLE MESSAGE: EXECUTED in isolated world.
CONSOLE ERROR: Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.

CONSOLE MESSAGE: Executed using document.write in isolated world. Is main world: true
CONSOLE MESSAGE: Injecting into main world again: this should fail.
CONSOLE ERROR: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-09Et/dqtUwF1zPoVDKo5ZDj2NUXqkLUxcQfh9UtQQt0='), or a nonce ('nonce-...') is required to enable inline execution.

CONSOLE ERROR: Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.

CONSOLE ERROR: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-/zNPOvYKSO49DBmlcgq0Kw1mbrAMhEU0Olki2JQCDME='), or a nonce ('nonce-...') is required to enable inline execution.

This tests the behavior of inline scripts in isolated worlds and its interaction with the page and isolated world CSP.