third_party/WebKit/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp-for-inline-style-expected.txt - chromium/src - Git at Google

 CONSOLE MESSAGE: line 58: Injecting in main world: this should fail.
 CONSOLE ERROR: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-VW0vOGrZCqH0TKtw5B5uFtLP1DqNIIUce/tDyu/378c='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

 CONSOLE MESSAGE: line 31: PASS: Style assignment in test 4 was not blocked by CSP.
 CONSOLE MESSAGE: line 62: Injecting into isolated world without bypass: this should fail.
 CONSOLE ERROR: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-mqk0x+ZowQUO8stz3Tm8e/4c044WSEbqlTVrz4jf9ko='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

 CONSOLE MESSAGE: line 19: PASS: Style assignment in test 3 was not blocked by CSP.
 CONSOLE ERROR: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-ZBTj5RHLnrF+IxdRZM2RuLfjTJQXNSi7fLQHr09onfY='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

 CONSOLE MESSAGE: line 17: PASS: Style attribute assignment in test 3 was not blocked by CSP.
 CONSOLE MESSAGE: line 67: Starting to bypass main world's CSP: this should pass!
 CONSOLE MESSAGE: line 12: PASS: Style assignment in test 2 was blocked by CSP.
 CONSOLE MESSAGE: line 10: PASS: Style attribute assignment in test 2 was blocked by CSP.
 CONSOLE MESSAGE: line 73: Injecting into main world again: this should fail.
 CONSOLE ERROR: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-bUBNmssmL79UBWplbQJyN9Hi2tRE9H345W5DVyjdUq4='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

 CONSOLE MESSAGE: line 31: PASS: Style assignment in test 1 was not blocked by CSP.
 This test ensures that style applied in isolated worlds marked with their own Content Security Policy aren't affected by the page's content security policy. Extensions, for example, should be able to inject inline CSS (even though it's probably a bad idea to do so).
	CONSOLE MESSAGE: line 58: Injecting in main world: this should fail.
	CONSOLE ERROR: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-VW0vOGrZCqH0TKtw5B5uFtLP1DqNIIUce/tDyu/378c='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

	CONSOLE MESSAGE: line 31: PASS: Style assignment in test 4 was not blocked by CSP.
	CONSOLE MESSAGE: line 62: Injecting into isolated world without bypass: this should fail.
	CONSOLE ERROR: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-mqk0x+ZowQUO8stz3Tm8e/4c044WSEbqlTVrz4jf9ko='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

	CONSOLE MESSAGE: line 19: PASS: Style assignment in test 3 was not blocked by CSP.
	CONSOLE ERROR: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-ZBTj5RHLnrF+IxdRZM2RuLfjTJQXNSi7fLQHr09onfY='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

	CONSOLE MESSAGE: line 17: PASS: Style attribute assignment in test 3 was not blocked by CSP.
	CONSOLE MESSAGE: line 67: Starting to bypass main world's CSP: this should pass!
	CONSOLE MESSAGE: line 12: PASS: Style assignment in test 2 was blocked by CSP.
	CONSOLE MESSAGE: line 10: PASS: Style attribute assignment in test 2 was blocked by CSP.
	CONSOLE MESSAGE: line 73: Injecting into main world again: this should fail.
	CONSOLE ERROR: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-bUBNmssmL79UBWplbQJyN9Hi2tRE9H345W5DVyjdUq4='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

	CONSOLE MESSAGE: line 31: PASS: Style assignment in test 1 was not blocked by CSP.
	This test ensures that style applied in isolated worlds marked with their own Content Security Policy aren't affected by the page's content security policy. Extensions, for example, should be able to inject inline CSS (even though it's probably a bad idea to do so).