Fossil SCM
| 14c81d9… | drh | 1 | <!DOCTYPE html> |
| 14c81d9… | drh | 2 | <html> |
| 14c81d9… | drh | 3 | <head> |
| 14c81d9… | drh | 4 | <title>Title: Content Security Policy Test</title> |
| 14c81d9… | drh | 5 | </head> |
| 14c81d9… | drh | 6 | <body> |
| 14c81d9… | drh | 7 | <h1>Content Security Policy Test</h1> |
| 14c81d9… | drh | 8 | |
| 14c81d9… | drh | 9 | <p>If the content-security-policy is ineffective, a pop-up dialog |
| 14c81d9… | drh | 10 | box will appear. If there is no dialog box, then CSP is working |
| 14c81d9… | drh | 11 | correctly.</p> |
| 14c81d9… | drh | 12 | |
| 14c81d9… | drh | 13 | <script>alert('Content Security Policy is ineffective');</script> |
| 14c81d9… | drh | 14 | <img src='/' onerror='alert("CSP is ineffective")'> |
| 14c81d9… | drh | 15 | |
| 14c81d9… | drh | 16 | <p>As a double-check, open the Developer Console in your web-browser |
| 14c81d9… | drh | 17 | and verify that two CSP violations were detected and blocked.</p> |
| 14c81d9… | drh | 18 | </body> |
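
As an added example (not part of the Fossil source), this Node.js sketch predicts from a Content-Security-Policy header value whether the page's two probes would run and how many violations the Developer Console should report. The function names and sample policies are constructed for illustration; it assumes the policy is enforced rather than report-only and that the image request itself is permitted.

```javascript
// Added example, not part of the Fossil source tree.
// Simplified model of the CSP Level 3 inline checks: hash sources are treated
// as "inline blocked" because the probes' hashes are not computed here.

function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function inlineAllowed(directives, fallbackChain) {
  const name = fallbackChain.find((d) => directives.has(d));
  if (name === undefined) return true; // no governing directive, nothing is restricted
  const sources = directives.get(name).map((s) => s.toLowerCase());
  // A nonce, a hash or 'strict-dynamic' makes the browser ignore 'unsafe-inline'.
  const overridden = sources.some(
    (s) => /^'(nonce|sha256|sha384|sha512)-/.test(s) || s === "'strict-dynamic'");
  return sources.includes("'unsafe-inline'") && !overridden;
}

function predictProbes(header) {
  const d = parseCsp(header);
  // <script>...</script> is governed by script-src-elem, onerror= by script-src-attr.
  const scriptRuns = inlineAllowed(d, ['script-src-elem', 'script-src', 'default-src']);
  const handlerRuns = inlineAllowed(d, ['script-src-attr', 'script-src', 'default-src']);
  return { scriptRuns, handlerRuns, violations: (scriptRuns ? 0 : 1) + (handlerRuns ? 0 : 1) };
}

// Constructed sample policies (not Fossil's actual header).
const samples = [
  "default-src 'self'",
  "default-src 'self'; script-src 'self' 'unsafe-inline'",
  "script-src 'self' 'nonce-abc123' 'unsafe-inline'",
  "script-src 'self'; script-src-attr 'unsafe-inline'",
];
for (const policy of samples) {
  console.log(policy, '=>', JSON.stringify(predictProbes(policy)));
}
```

A result of `violations: 2` corresponds to the outcome the test page describes as CSP working correctly; anything lower means at least one dialog box would appear.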