<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script';">
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.waitUntilDone();
}
tests = 2;
window.addEventListener("message", function(message) {
alert("message: " + message.data);
tests -= 1;
test();
}, false);
function setup() {
// This is needed because isolated worlds are not reset between test
// runs and a previous test's CSP may interfere with this test. See
// https://crbug.com/415845.
testRunner.setIsolatedWorldInfo(1, null, null);
}
function test() {
function setScript() {
try {
document.getElementById("target").textContent = "2+2;";
window.postMessage("pass", "*");
} catch (e) {
window.postMessage("blocked", "*");
}
}
alert("Running test #" + tests);
switch (tests) {
case 2:
setScript();
break;
case 1:
testRunner.setIsolatedWorldInfo(1, 'chrome-extension://123', '');
testRunner.evaluateScriptInIsolatedWorld(1, setScript.toString() + " setScript();");
break;
case 0:
// Reset isolated worlds for other tests.
testRunner.setIsolatedWorldInfo(1, null, null);
testRunner.notifyDone();
break;
}
}
</script>
<script id="target"></script>
</head>
<body onload="setup(); test();">
<p>
This test ensures that scripts run in isolated worlds marked with their
own Content Security Policy aren't affected by the page's content
security policy. Extensions, for example, should not be restricted by the
page's Trusted Types policy.
</p>
</body>
</html>
Codebase Browser
chromium