Source code
Revision control
Copy as Markdown
Other Tools
Test Info: Warnings
- This test has a WPT meta file that expects 2 subtest issues.
- This WPT test may be referenced by the following Test IDs:
- /html/semantics/document-metadata/the-style-element/tentative/style-element-csp-both-blocked.html - WPT Dashboard Interop Dashboard
<!doctype html>
<html>
<head>
<meta charset="utf-8" />
<meta name="author" title="Kurt Catti-Schmidt" href="mailto:kschmi@microsoft.com" />
<link rel="help" href="https://github.com/MicrosoftEdge/MSEdgeExplainers/blob/main/ShadowDOM/explainer.md" />
<script nonce="abc123" src="/resources/testharness.js"></script>
<script nonce="abc123" src="/resources/testharnessreport.js"></script>
<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abc123'; style-src 'none';">
<script nonce="abc123">
let violated_directives = new Set();
const t1 = async_test("securitypolicyviolation events fire for both style-src and script-src");
document.documentElement.addEventListener("securitypolicyviolation",
t1.step_func(function(e) {
violated_directives.add(e.violatedDirective.split(" ")[0]);
// We expect violations from both style-src and script-src directives.
if (violated_directives.has("style-src-elem") && violated_directives.has("script-src-elem")) {
t1.done();
}
}));
const t2 = async_test("error event fires on style module blocked by both CSPs");
</script>
<style id="blocked-style" type="module" specifier="foo">
#test {color:blue}
</style>
<script nonce="abc123">
document.getElementById("blocked-style").addEventListener("error", t2.step_func_done());
</script>
</head>
<body>
<div id="test">Test content</div>
<script nonce="abc123">
test(function (t) {
const test_element = document.getElementById("test");
assert_equals(getComputedStyle(test_element)
.color, "rgb(0, 0, 0)",
"Declarative styles were blocked when both style-src and script-src CSP deny.");
}, "Both style-src and script-src CSP block Declarative CSS Modules.");
</script>
</body>
</html>