chromium/src/third_party/blink/web_tests/http/tests/security/contentTypeOptions/nosniff-script-blocked.html - manifest_repos/chromium_src - Git at Google

 <!DOCTYPE html>
 <html>
 <head>
     <title>'X-Content-Type-Options: nosniff;' blocks scripts!</title>
 <body>
     <script src="/js-test-resources/js-test.js"></script>
     <script>
         description('Check that script sent with an \'X-Content-Type-Options: nosniff\' header is correctly blocked if the MIME type isn\'t scripty.');
         window.jsTestIsAsync = true;

         var unscriptyMimeTypes = [
             'application/json',
             'image/png',
             'text/html',
             'text/vbs',
             'text/vbscript',
         ];

         window.scriptsSuccessfullyLoaded = 0;

         for (var i = 0; i < unscriptyMimeTypes.length; i++) {
             document.write('<script src="./resources/script-with-header.pl?mime=' + unscriptyMimeTypes[i] + '"><' + '/script>');
         }

         window.onload = function () {
             shouldBe('window.scriptsSuccessfullyLoaded', '0');
             finishJSTest();
         };
     </script>
 </body>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<title>'X-Content-Type-Options: nosniff;' blocks scripts!</title>
	<body>
	<script src="/js-test-resources/js-test.js"></script>
	<script>
	description('Check that script sent with an \'X-Content-Type-Options: nosniff\' header is correctly blocked if the MIME type isn\'t scripty.');
	window.jsTestIsAsync = true;

	var unscriptyMimeTypes = [
	'application/json',
	'image/png',
	'text/html',
	'text/vbs',
	'text/vbscript',
	];

	window.scriptsSuccessfullyLoaded = 0;

	for (var i = 0; i < unscriptyMimeTypes.length; i++) {
	document.write('<script src="./resources/script-with-header.pl?mime=' + unscriptyMimeTypes[i] + '"><' + '/script>');
	}

	window.onload = function () {
	shouldBe('window.scriptsSuccessfullyLoaded', '0');
	finishJSTest();
	};
	</script>
	</body>
	</html>