third_party/web_platform_tests/content-security-policy/script-src/script-src-1_1.html - cobalt - Git at Google

 <!DOCTYPE HTML>
 <html>
 <head>
     <title>Inline script should not run without 'unsafe-inline' script-src directive.</title>
     <script src='/resources/testharness.js'></script>
     <script src='/resources/testharnessreport.js'></script>
     <script src='inlineTests.js'></script>
 </head>
 <body>
     <h1>Inline script should not run without 'unsafe-inline' script-src directive, even for script-src 'self'.</h1>
     <div id='log'></div>

     <script>
       t1.step(function() {assert_unreached('Unsafe inline script ran.');});
     </script>

     <script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27self%27'></script>

 </body>
 </html>
	<!DOCTYPE HTML>
	<html>
	<head>
	<title>Inline script should not run without 'unsafe-inline' script-src directive.</title>
	<script src='/resources/testharness.js'></script>
	<script src='/resources/testharnessreport.js'></script>
	<script src='inlineTests.js'></script>
	</head>
	<body>
	<h1>Inline script should not run without 'unsafe-inline' script-src directive, even for script-src 'self'.</h1>
	<div id='log'></div>

	<script>
	t1.step(function() {assert_unreached('Unsafe inline script ran.');});
	</script>

	<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27self%27'></script>

	</body>
	</html>