Source code
Revision control
Copy as Markdown
Other Tools
Test Info: Warnings
- This test has a WPT meta file that expects 2 subtest issues.
- This WPT test may be referenced by the following Test IDs:
- /html/semantics/document-metadata/the-style-element/tentative/style-element-csp-script-src-blocked.html - WPT Dashboard Interop Dashboard
<!doctype html>
<html>
<head>
<meta charset="utf-8" />
<meta name="author" title="Kurt Catti-Schmidt" href="mailto:kschmi@microsoft.com" />
<link rel="help" href="https://github.com/MicrosoftEdge/MSEdgeExplainers/blob/main/ShadowDOM/explainer.md" />
<script nonce="abc123" src="/resources/testharness.js"></script>
<script nonce="abc123" src="/resources/testharnessreport.js"></script>
<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abc123'; style-src 'unsafe-inline';">
<script nonce="abc123">
const t1 = async_test("securitypolicyviolation event fires under script-src for declarative style module");
document.documentElement.addEventListener("securitypolicyviolation",
t1.step_func(function(e) {
if (e.violatedDirective.startsWith("script-src")) {
t1.done();
}
}));
const t2 = async_test("error event fires on style module blocked by script-src CSP");
</script>
<style id="blocked-style" type="module" specifier="foo">
#test {color:blue}
</style>
<script nonce="abc123">
// Listen for the error event via addEventListener instead of inline onerror
// since inline event handlers are also blocked by script-src CSP.
document.getElementById("blocked-style").addEventListener("error", t2.step_func_done());
</script>
</head>
<body>
<div id="test">Test content</div>
<script nonce="abc123">
test(function (t) {
const test_element = document.getElementById("test");
assert_equals(getComputedStyle(test_element)
.color, "rgb(0, 0, 0)",
"Declarative styles were blocked via script-src CSP.");
}, "script-src CSP can block Declarative CSS Modules.");
</script>
</body>
</html>