Codebase Browser
chromium
Go to App

chromium/third_party/blink/web_tests/http/tests/security/contentSecurityPolicy/source-list-parsing-11.html 

<!DOCTYPE html>
<html>
    <head>
        <title>*.x.y should match only hosts that end in .x.y</title>
        <script src="/resources/testharness.js"></script>
        <script src="/resources/testharnessreport.js"></script>
        <meta http-equiv="Content-Security-Policy" content="script-src *.localhost:8000 'self' 'unsafe-inline'">
    </head>
    <script>
        window.result = false;
    </script>
    <script src="//localhost:8000/security/contentSecurityPolicy/resources/script-set-value.js"></script>
    <script>
    setup({single_test: true});
    assert_false(window.result);
    done();
    </script>
</html>