javascript_src_denied_wrong_hash-href_blank-script-src-attr.html

Enable keyboard shortcuts

This WPT test may be referenced by the following Test IDs:
- /content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href_blank-script-src-attr.html - WPT Dashboard Interop Dashboard

<!DOCTYPE HTML>

<html>

<head>

    <meta http-equiv="Content-Security-Policy" content="script-src-attr 'unsafe-hashes' 'nonce-abc'

    'sha256-wrongwrongwrongwrongwrongwrongwrongwrongwro=';">

    <script src="/resources/testharness.js" nonce="abc"></script>

    <script src="/resources/testharnessreport.js" nonce="abc"></script>

    <script src="support/helper.js" nonce="abc"></script>

</head>

<body>

    <script nonce="abc">

    // script-src-attr CSP should not have effects because navigation CSP

    // checks are done against script-src-elem.

    // https://w3c.github.io/webappsec-csp/#effective-directive-for-inline-check

    runTest(true, '<a href target=_blank>', ' (script-src-attr should not be used)');

    </script>

</body>

</html>