3 <head> <meta charset=
"utf-8"> </head>
4 <script type=
"text/javascript">
5 function ok(result
, desc
) {
6 window
.parent
.postMessage({ok
: result
, desc
}, "*");
10 ok(true, "documents sandboxed with allow-scripts should be able to run inline scripts");
13 <script src='file_sandbox_fail.js'
></script>
14 <body onLoad='ok(true,
"documents sandboxed with allow-scripts should be able to run script from event listeners");doStuff();'
>
15 I am sandboxed but with only inline
"allow-scripts"
17 <!-- Content-Security-Policy: default-src 'none'; script-src 'unsafe-inline'; sandbox allow-scripts -->
19 <!-- these should be stopped by CSP -->
20 <img src=
"/tests/dom/security/test/csp/file_CSP.sjs?testid=img11_bad&type=img/png" />
21 <img src=
"http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=img11a_bad&type=img/png"> </img>
22 <script src='/tests/dom/security/test/csp/file_CSP.sjs?testid=script11_bad&type=text/javascript'
></script>
23 <script src='http://example.org/tests/dom/security/test/csp/file_CSP.sjs?testid=script11a_bad&type=text/javascript'
></script>