src/third_party/web_platform_tests/content-security-policy/script-src/script-src-1_4.html - cobalt - Git at Google

 <!DOCTYPE HTML>
 <html>
 <head>
     <title>eval() should not run without 'unsafe-eval' script-src directive.</title>
     <script src='/resources/testharness.js'></script>
     <script src='/resources/testharnessreport.js'></script>
 </head>
 <body>
     <h1>eval() should not run without 'unsafe-eval' script-src directive.</h1>
     <div id='log'></div>

    	<script>

         var evalRan = false;

         test(function() {assert_throws(new EvalError(), function() { eval('evalRan = true;') })}, "eval() should throw without 'unsafe-eval' keyword source in script-src directive.");

         test(function() {assert_false(evalRan);})

     </script>

     <script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27self%27+%27unsafe-inline%27'></script>

 </body>
 </html>
	<!DOCTYPE HTML>
	<html>
	<head>
	<title>eval() should not run without 'unsafe-eval' script-src directive.</title>
	<script src='/resources/testharness.js'></script>
	<script src='/resources/testharnessreport.js'></script>
	</head>
	<body>
	<h1>eval() should not run without 'unsafe-eval' script-src directive.</h1>
	<div id='log'></div>

	<script>

	var evalRan = false;

	test(function() {assert_throws(new EvalError(), function() { eval('evalRan = true;') })}, "eval() should throw without 'unsafe-eval' keyword source in script-src directive.");

	test(function() {assert_false(evalRan);})

	</script>

	<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27self%27+%27unsafe-inline%27'></script>

	</body>
	</html>