author | vinoth <cegvinoth@gmail.com> |
Mon, 07 May 2018 14:59:51 -0400 | |
changeset 417134 | 6419ce7979bdb0de0b4b7bf194976b703912cb4b |
parent 417133 | 3b491d808696692d2f48fb7ff333e579a8312583 |
child 417135 | c12ef7d20d6c7de6aaa0072c33e8153d98e59bd9 |
push id | 33961 |
push user | rgurzau@mozilla.com |
push date | Mon, 07 May 2018 22:08:28 +0000 |
reviewers | ckerschb |
bugs | 1439330 |
milestone | 61.0a1 |
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@@ -842,19 +842,22 @@ nsCSPKeywordSrc::allows(enum CSPKeyword
   if (mInvalidated) {
     // only 'self' and 'unsafe-inline' are keywords that can be ignored. Please note that
     // the parser already translates 'self' into a uri (see assertion in constructor).
     MOZ_ASSERT(mKeyword == CSP_UNSAFE_INLINE, "should only invalidate unsafe-inline");
     return false;
   }
   // either the keyword allows the load or the policy contains 'strict-dynamic', in which
-  // case we have to make sure the script is not parser created before allowing the load.
+  // case we have to make sure the script is not parser created before allowing the load
+  // and also eval should be blocked even if 'strict-dynamic' is present. Should be
+  // allowed only if 'unsafe-eval' is present.
   return ((mKeyword == aKeyword) ||
-          ((mKeyword == CSP_STRICT_DYNAMIC) && !aParserCreated));
+          ((mKeyword == CSP_STRICT_DYNAMIC) && !aParserCreated &&
+           aKeyword != CSP_UNSAFE_EVAL));
 }
 bool
 nsCSPKeywordSrc::visit(nsCSPSrcVisitor* aVisitor) const
 {
   return aVisitor->visitKeywordSrc(*this);
 }
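Review bot: The rewritten comment above the return is hard to follow ("and also eval should be blocked even if 'strict-dynamic' is present. Should be allowed only if 'unsafe-eval' is present."); the intent reads more directly as `// 'strict-dynamic' only lifts the restriction for scripts that are not parser-inserted;` / `// it never grants eval, which still requires an explicit 'unsafe-eval' in the policy.` The condition itself matches that intent: once mKeyword is CSP_STRICT_DYNAMIC the short-circuit now refuses aKeyword == CSP_UNSAFE_EVAL, so an eval check can only succeed through the first operand, i.e. a policy that actually lists 'unsafe-eval'. The enclosing nsCSPKeywordSrc::allows() starts before the hunk, so whether any earlier branch already handles CSP_UNSAFE_EVAL is not visible here. The only coverage in this commit is the removal of the two expected-FAIL web-platform-test entries below; if a C++ unit test for nsCSPKeywordSrc::allows exists it would be worth pinning the (CSP_STRICT_DYNAMIC, CSP_UNSAFE_EVAL, !aParserCreated) case there as well.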
deleted file mode 100644
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_eval.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[script-src-strict_dynamic_eval.html]
-  [Script injected via `eval` is not allowed with `strict-dynamic` without `unsafe-eval`.]
-    expected: FAIL
-
deleted file mode 100644
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_new_function.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[script-src-strict_dynamic_new_function.html]
-  [Script injected via 'eval' is not allowed with 'strict-dynamic' without 'unsafe-eval'.]
-    expected: FAIL
-