chromium/src/third_party/blink/web_tests/external/wpt/content-security-policy/unsafe-hashes/javascript_src_allowed-href.html - manifest_repos/chromium_src - Git at Google

 <!DOCTYPE HTML>
 <html>

 <head>
     <meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-hashes' 'nonce-abc'
     'sha256-r5W8SQIDMTbMxAjJ7KzCzFT38dwBy7Y5KF5B+20009g=';">
     <!--
     'sha256-r5W8SQIDMTbMxAjJ7KzCzFT38dwBy7Y5KF5B+20009g=' ==> 'javascript:t1.done();'
     -->
     <script src='/resources/testharness.js' nonce='abc'></script>
     <script src='/resources/testharnessreport.js' nonce='abc'></script>
 </head>

 <body>
     <div id='log'></div>
     <a href='javascript:t1.done();' id='test'>
     <script nonce='abc'>
         var t1 = async_test("Test that the javascript: src is allowed to run");

         window.addEventListener('securitypolicyviolation', t1.unreached_func("Should have not raised any event"));

         document.getElementById('test').click();
     </script>
 </body>

 </html>
	<!DOCTYPE HTML>
	<html>

	<head>
	<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-hashes' 'nonce-abc'
	'sha256-r5W8SQIDMTbMxAjJ7KzCzFT38dwBy7Y5KF5B+20009g=';">
	<!--
	'sha256-r5W8SQIDMTbMxAjJ7KzCzFT38dwBy7Y5KF5B+20009g=' ==> 'javascript:t1.done();'
	-->
	<script src='/resources/testharness.js' nonce='abc'></script>
	<script src='/resources/testharnessreport.js' nonce='abc'></script>
	</head>

	<body>
	<div id='log'></div>
	<a href='javascript:t1.done();' id='test'>
	<script nonce='abc'>
	var t1 = async_test("Test that the javascript: src is allowed to run");

	window.addEventListener('securitypolicyviolation', t1.unreached_func("Should have not raised any event"));

	document.getElementById('test').click();
	</script>
	</body>

	</html>