chromium/src/third_party/blink/web_tests/http/tests/security/contentSecurityPolicy/combine-multiple-policies.html - manifest_repos/chromium_src - Git at Google

 <!DOCTYPE html>
 <html>
 <head>
 <meta http-equiv="Content-Security-Policy" content="script-src 'self'">
 <meta http-equiv="Content-Security-Policy" content="style-src 'none'">
 <script src="resources/dump-as-text.js"></script>
 </head>
 <body>
 This test checks that we enforce all the supplied policies.  This test passes
 if it doesn't alert fail and if the style doesn't apply.
 <script>
 alert('FAIL');
 </script>
 <style>
 body {
     background-color: red;
 }
 </style>
 </body>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<meta http-equiv="Content-Security-Policy" content="script-src 'self'">
	<meta http-equiv="Content-Security-Policy" content="style-src 'none'">
	<script src="resources/dump-as-text.js"></script>
	</head>
	<body>
	This test checks that we enforce all the supplied policies. This test passes
	if it doesn't alert fail and if the style doesn't apply.
	<script>
	alert('FAIL');
	</script>
	<style>
	body {
	background-color: red;
	}
	</style>
	</body>
	</html>