From 005040379d8b64aacbe54941d878efa6e86df1cc Mon Sep 17 00:00:00 2001
From: buddh4 <mail@jharrer.de>
Date: Tue, 19 Mar 2019 22:40:30 +0100
Subject: Core: Preserve CSP nonce on scripts with src attribute in DOM
 manipulation

Fixes gh-4323
Closes gh-4328
---
 test/data/csp-nonce-external.html | 13 +++++++++++++
 test/data/csp-nonce-external.js   |  5 +++++
 2 files changed, 18 insertions(+)
 create mode 100644 test/data/csp-nonce-external.html
 create mode 100644 test/data/csp-nonce-external.js

(limited to 'test/data')

diff --git a/test/data/csp-nonce-external.html b/test/data/csp-nonce-external.html
new file mode 100644
index 000000000..8baa85c75
--- /dev/null
+++ b/test/data/csp-nonce-external.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<head>
+	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+	<title>CSP nonce via jQuery.globalEval Test Page</title>
+	<script nonce="jquery+hardcoded+nonce" src="../jquery.js"></script>
+	<script nonce="jquery+hardcoded+nonce" src="iframeTest.js"></script>
+	<script nonce="jquery+hardcoded+nonce" src="csp-nonce-external.js"></script>
+</head>
+<body>
+	<p>CSP nonce for external script Test Page</p>
+</body>
+</html>
diff --git a/test/data/csp-nonce-external.js b/test/data/csp-nonce-external.js
new file mode 100644
index 000000000..efedd5a9a
--- /dev/null
+++ b/test/data/csp-nonce-external.js
@@ -0,0 +1,5 @@
+/* global startIframeTest */
+
+jQuery( function() {
+	$( "body" ).append( "<script nonce='jquery+hardcoded+nonce' src='csp-nonce.js'></script>" );
+} );
-- 
cgit v1.2.3