diff options
Diffstat (limited to 'test/unit/manipulation.js')
| -rw-r--r-- | test/unit/manipulation.js | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/test/unit/manipulation.js b/test/unit/manipulation.js index d8c86e31c..b0d3e3a88 100644 --- a/test/unit/manipulation.js +++ b/test/unit/manipulation.js @@ -2895,6 +2895,29 @@ testIframe( ); testIframe( + "Check if CSP nonce is preserved for external scripts with src attribute", + "mock.php?action=cspNonce&test=external", + function( assert, jQuery, window, document ) { + var done = assert.async(); + + assert.expect( 1 ); + + supportjQuery.get( baseURL + "support/csp.log" ).done( function( data ) { + assert.equal( data, "", "No log request should be sent" ); + supportjQuery.get( baseURL + "mock.php?action=cspClean" ).done( done ); + } ); + }, + + // Support: Edge 18+, iOS 7-9 only, Android 4.0-4.4 only + // Edge doesn't support nonce in non-inline scripts. + // See https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/13246371/ + // Old iOS & Android Browser versions support script-src but not nonce, making this test + // impossible to run. Browsers not supporting CSP at all are not a problem as they'll skip + // script-src restrictions completely. + QUnit[ /\bedge\/|iphone os [789]|android 4\./i.test( navigator.userAgent ) ? "skip" : "test" ] +); + +testIframe( "jQuery.globalEval supports nonce", "mock.php?action=cspNonce&test=globaleval", function( assert, jQuery, window, document ) { |