<!doctype html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<meta http-equiv="Content-Security-Policy" content="require-sri-for script; script-src 'self' 'unsafe-inline'">
<script>
// Expectation for the SVG <script xlink:href="not-ran.js"> further down, which
// has no integrity attribute while the page's CSP sets `require-sri-for script`.
// Only the first securitypolicyviolation event is inspected and its blockedURI
// must be not-ran.js, so an earlier violation (for example one raised for
// ran.js) would fail this test too. The absolute URL pins the test to the
// 127.0.0.1:8000 test server.
async_test(t => {
  const violationWatcher = new EventWatcher(t, document, ['securitypolicyviolation']);
  const firstViolation = violationWatcher.wait_for('securitypolicyviolation');
  firstViolation.then(t.step_func_done(violation => {
    assert_equals(
      violation.blockedURI,
      "http://127.0.0.1:8000/security/contentSecurityPolicy/require-sri-for/not-ran.js"
    );
  }));
}, "Script without integrity generates reports.");

// Kept as `var` so both tests stay properties of the global object. ran.js and
// not-ran.js are not visible here but presumably report into these tests by
// name — confirm before renaming them or changing the declaration kind.
var executed_test = async_test(
  "Script that requires integrity executes and does not generate a violation report."
);
var unexecuted_test = async_test(
  "Request to script without integrity is blocked, and generates violation report"
);
</script>
<script crossorigin integrity="sha384-SOGIJ0vOWzweNE6RLF/TOXGmPzCxF5+dNuBP4x1NgnKsfC4yFCVIDJILalTMwUrp" src="ran.js"></script>
<svg xmlns="http://www.w3.org/2000/svg">
<script xlink:href="not-ran.js"></script>
</svg>
<script>
// Completes both tests once parsing reaches this point. done() is called
// unconditionally, so these two tests fail only if something marked them as
// failed earlier (presumably ran.js / not-ran.js, which are not shown here).
// The blockedURI check in the first async_test is the only assertion visible
// on this page.
for (const pendingTest of [executed_test, unexecuted_test]) {
  pendingTest.done();
}
</script>