Fossil SCM
|
1
|
<!DOCTYPE html> |
|
2
|
<html> |
|
3
|
<head> |
|
4
|
<title>Title: Content Security Policy Test</title> |
|
5
|
</head> |
|
6
|
<body> |
|
7
|
<h1>Content Security Policy Test</h1> |
|
8
|
|
|
9
|
<p>If the content-security-policy is ineffective, a pop-up dialog |
|
10
|
box will appears. If there is no dialog box, then CSP is working |
|
11
|
correctly.</p> |
|
12
|
|
|
13
|
<script>alert('Content Security Policy is ineffective');</script> |
|
14
|
<img src='/' onerror='alert("CSP is ineffective")'> |
|
15
|
|
|
16
|
<p>As a double-check, open the Developer Console in your web-browser |
|
17
|
and verify that two CSP violations were detected and blocked.</p> |
|
18
|
</body> |
|
19
|
|