From c7c2855ed13f23322c4064407c1ed84561b95738 Mon Sep 17 00:00:00 2001
From: Michał Gołębiowski-Owczarek
Date: Mon, 14 Jan 2019 19:29:54 +0100
Subject: Core: Preserve CSP nonce on scripts in DOM manipulation
Fixes gh-3541
Closes gh-4269
---
 test/unit/manipulation.js | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
(limited to 'test/unit')
diff --git a/test/unit/manipulation.js b/test/unit/manipulation.js
index 300add5ec..c8d5cdefe 100644
--- a/test/unit/manipulation.js
+++ b/test/unit/manipulation.js
@@ -2835,3 +2835,23 @@ QUnit.test( "Ignore content from unsuccessful responses (gh-4126)", 1, function(
 jQuery.globalEval = globalEval;
 }
 } );
+
+testIframe(
+ "Check if CSP nonce is preserved",
+ "mock.php?action=cspNonce",
+ function( assert, jQuery, window, document ) {
+ var done = assert.async();
+
+ assert.expect( 1 );
+
+ supportjQuery.get( baseURL + "support/csp.log" ).done( function( data ) {
+ assert.equal( data, "", "No log request should be sent" );
+ supportjQuery.get( baseURL + "mock.php?action=cspClean" ).done( done );
+ } );
+ },
+
+ // Support: Edge 18+
+ // Edge doesn't support nonce in non-inline scripts.
+ // See https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/13246371/
+ QUnit[ /\bedge\//i.test( navigator.userAgent ) ? "skip" : "test" ]
+);
--
cgit v1.2.3
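Review bot: The check on `support/csp.log` in the new `testIframe` callback can pass without proving anything, because the log is read once, as soon as the callback runs, and an empty body is the success condition. Browsers deliver CSP violation reports asynchronously, so if the fixture behind `mock.php?action=cspNonce` (not visible in this hunk) signals readiness before a report could have been written, a dropped nonce would still yield `""`. Both requests also handle only `.done`: a failed read of the log leaves `done` uncalled and skips the `cspClean` step, which may leave stale log content for the next run. I would add `.fail( function() { assert.ok( false, "csp.log could not be read" ); done(); } )` to the log request and end the cleanup request with `.always( done )`. A comment above the log read such as `// The fixture must call back only after any violation report has been delivered` would record the timing assumption this regression test depends on.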