Source code
Revision control
Copy as Markdown
Other Tools
Test Info: Warnings
- This test has a WPT meta file that expects 2 subtest issues.
- This WPT test may be referenced by the following Test IDs:
- /html/semantics/document-metadata/the-style-element/tentative/style-element-csp-style-src-blocked-script-src-allowed.html - WPT Dashboard Interop Dashboard
<!doctype html>
<html>
<head>
<meta charset="utf-8" />
<meta name="author" title="Kurt Catti-Schmidt" href="mailto:kschmi@microsoft.com" />
<link rel="help" href="https://github.com/MicrosoftEdge/MSEdgeExplainers/blob/main/ShadowDOM/explainer.md" />
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline' blob:; style-src 'none';">
<script>
const t1 = async_test("securitypolicyviolation event fires under style-src when style-src blocks but script-src allows");
document.documentElement.addEventListener("securitypolicyviolation",
t1.step_func(function(e) {
if (e.violatedDirective.startsWith("style-src")) {
t1.done();
}
}));
const t2 = async_test("error event fires on style module when style-src blocks but script-src allows");
</script>
<style id="blocked-style" type="module" specifier="foo">
#test {color:blue}
</style>
<script>
document.getElementById("blocked-style").addEventListener("error", t2.step_func_done());
</script>
</head>
<body>
<div id="test">Test content</div>
<script>
test(function (t) {
const test_element = document.getElementById("test");
assert_equals(getComputedStyle(test_element)
.color, "rgb(0, 0, 0)",
"Declarative styles were blocked via style-src CSP even though script-src allows.");
}, "style-src CSP blocks Declarative CSS Modules even when script-src allows inline.");
</script>
</body>
</html>