testing/web-platform/tests/content-security-policy/securitypolicyviolation/source-file-data-scheme.html
author Florian Quèze <florian@queze.net>
Tue, 08 Jul 2025 20:48:53 +0000 (11 hours ago)
changeset 795809 b01190f141a12f4b506acb1f4476561c4b0f2407
parent 686608 49d94b91efadbda959b163b076175ae358e421e5
permissions -rw-r--r--
Bug 1960567 - remove the last C++ and scriptable APIs to accumulate data to legacy telemetry histograms, r=chutten. Differential Revision: https://phabricator.services.mozilla.com/D255582
<!DOCTYPE html>
<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abc' data:">
<script nonce="abc" src="/resources/testharness.js"></script>
<script nonce="abc" src="/resources/testharnessreport.js"></script>
<script nonce="abc">
    async_test(t => {
        var watcher = new EventWatcher(t, document, 'securitypolicyviolation');
        watcher.wait_for('securitypolicyviolation').then(t.step_func_done(e => {
            assert_equals(e.blockedURI, "eval");
            assert_equals(e.sourceFile, "data");
            assert_equals(e.lineNumber, 3);
            assert_equals(e.columnNumber, 17);
        }));

        var scriptText = `
            try {
                eval("assert_unreached('no eval')");
            } catch (e) {
                assert_equals(e.name, 'EvalError');
            }
        `;
        var s = document.createElement("script");
        s.src = "data:text/javascript," + encodeURIComponent(scriptText);
        document.head.append(s);
    }, "Violations from data:-URL scripts have a sourceFile of 'data'");
</script>