| <!DOCTYPE HTML> |
| <html> |
| <head> |
| <title>Inline script attached by DOM manipulation should not run without an 'unsafe-inline' script-src policy, even with default-src *</title> |
| <script src='/resources/testharness.js'></script> |
| <script src='/resources/testharnessreport.js'></script> |
| </head> |
| <body> |
| <h1>Inline script attached by DOM manipulation should not run without an 'unsafe-inline' script-src policy, even with default-src *</h1> |
| <div id="log"></div> |
| |
| <div id=attachHere></div> |
| |
| <script id=emptyScript></script> |
| |
| <div id=emptyDiv></div> |
| |
| <script src="addInlineTestsWithDOMManipulation.js"></script> |
| |
| <script async defer src="../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20*"></script> |
| |
| </body> |
| </html> |