third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-paths-01.html - chromium/src - Git at Google

 <!DOCTYPE html>
 <html>
 <head>
 <script src='resources/multiple-iframe-test.js'></script>
 <script>
 var security = '%73%65%63%75%72%69%74%79';
 var resources = '%72%65%73%6f%75%72%63%65%73';
 var tests = [
     ['no', 'script-src 127.0.0.1:*/sec', 'resources/script.js'],
     ['no', 'script-src 127.0.0.1:*/sec/', 'resources/script.js'],
     ['no', 'script-src 127.0.0.1:8000/not-security', 'resources/script.js'],
     ['no', 'script-src 127.0.0.1:8000/security%3bnot-contentSecurityPolicy', 'resources/script.js'],
     ['yes', 'script-src 127.0.0.1:*/' + security + '/', 'resources/script.js'],
     ['yes', 'script-src 127.0.0.1:*/security/', resources + '/script.js'],
     ['yes', 'script-src 127.0.0.1:*/' + security + '/', resources + '/script.js'],
 ];
 </script>
 </head>
 <body onload="test()">
   <p>
     Resources should be rejected unless they match a whitelisted path.
   </p>
	<!DOCTYPE html>
	<html>
	<head>
	<script src='resources/multiple-iframe-test.js'></script>
	<script>
	var security = '%73%65%63%75%72%69%74%79';
	var resources = '%72%65%73%6f%75%72%63%65%73';
	var tests = [
	['no', 'script-src 127.0.0.1:*/sec', 'resources/script.js'],
	['no', 'script-src 127.0.0.1:*/sec/', 'resources/script.js'],
	['no', 'script-src 127.0.0.1:8000/not-security', 'resources/script.js'],
	['no', 'script-src 127.0.0.1:8000/security%3bnot-contentSecurityPolicy', 'resources/script.js'],
	['yes', 'script-src 127.0.0.1:*/' + security + '/', 'resources/script.js'],
	['yes', 'script-src 127.0.0.1:*/security/', resources + '/script.js'],
	['yes', 'script-src 127.0.0.1:*/' + security + '/', resources + '/script.js'],
	];
	</script>
	</head>
	<body onload="test()">
	<p>
	Resources should be rejected unless they match a whitelisted path.
	</p>