| <!DOCTYPE html> |
| |
| <head> |
| <title>Cobalt eval() allowed when missing csp test</title> |
| <script src='black_box_js_test_utils.js'></script> |
| </head> |
| |
| <body> |
| <h1> |
| <span>ID element</span> |
| </h1> |
| <script> |
| // When Content Security Policy is missing, JavaScript eval() should be |
| // allowed. |
| try { |
| assertEqual(4, eval('1+3')); |
| } catch(error) { |
| // Catch the error if any, otherwise the test will exit after timeout. |
| console.log("Calling eval without CSP raised unexpected exception:"); |
| console.log(error); |
| notReached(); |
| } |
| onEndTest(); |
| </script> |
| </body> |