blob-urls-do-not-match-self

blob: URLs are same-origin with the page in which they were created, but explicitly do not match the 'self' or '*' source in CSP directives because they are more akin to 'unsafe-inline' content.

Summary

Harness status: OK

Found 1 tests

1 Pass

Details

Result

Test Name

Message

Pass

Expecting logs: ["violated-directive=script-src-elem"]

Asserts run

Pass

assert_equals("violated-directive=script-src-elem", "violated-directive=script-src-elem")
    at Test.<anonymous> ( /content-security-policy/support/logTest.sub.js?logs=[%22violated-directive=script-src-elem%22]:29:21)