chromium/src/third_party/blink/web_tests/http/tests/security/contentSecurityPolicy/1.1/scripthash-ignore-unsafeinline.html

<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Security-Policy" content="script-src 'sha256-0WwzeJrO6lcDUe7o6BR3lx0b8uiBvXBX5MNFFKF7iYE=' 'unsafe-inline'">
        <script>
            if (window.testRunner)
                testRunner.dumpAsText();
            alert('PASS (1/1)');
        </script>
        <script>
            alert('FAIL (1/1)');
        </script>
    </head>
    <body>
        <p>
            This tests that a valid hash value disables inline JavaScript, even if 'unsafe-inline' is present.
        </p>
    </body>
</html>