third_party/web_platform_tests/content-security-policy/blink-contrib-2/script-src-wildcards-disallowed.html - cobalt - Git at Google

 <!DOCTYPE html>
 <html>
     <head>
     <title>script-src disallowed wildcard use</title>
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     </head>
     <body>
     <!-- enforcing policy:
 script-src 'nonce-nonce' *; connect-src 'self';
 -->
     <script nonce="nonce">
         var t1 = async_test('data: URIs should not match *');
         t1.step(function() {
             var script = document.createElement("script");
             script.src = 'data:application/javascript,';
             script.addEventListener('load', t1.step_func(function() {
                 assert_unreached('Should not successfully load data URI.');
             }));
             script.addEventListener('error', t1.step_func(function() {
                 t1.done();
             }));
             document.head.appendChild(script);
         });
     </script>
     </body>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<title>script-src disallowed wildcard use</title>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	</head>
	<body>
	<!-- enforcing policy:
	script-src 'nonce-nonce' *; connect-src 'self';
	-->
	<script nonce="nonce">
	var t1 = async_test('data: URIs should not match *');
	t1.step(function() {
	var script = document.createElement("script");
	script.src = 'data:application/javascript,';
	script.addEventListener('load', t1.step_func(function() {
	assert_unreached('Should not successfully load data URI.');
	}));
	script.addEventListener('error', t1.step_func(function() {
	t1.done();
	}));
	document.head.appendChild(script);
	});
	</script>
	</body>
	</html>