`strict-dynamic` allows scripts matching hashes present in the policy.

Summary

Harness status: OK

Found 3 tests

3 Pass

Result

Test Name

Message

Pass

Script matching SHA256 hash is allowed with `strict-dynamic`.

Asserts run

Pass	assert_true(true) at Test.<anonymous> ( /content-security-policy/script-src/script-src-strict_dynamic_hashes.html:30:13)

Pass

Script injected via `appendChild` from a script matching SHA256 hash is allowed with `strict-dynamic`.

Asserts run

No asserts ran

Pass

External script in a script tag with matching SRI hash is allowed with `strict-dynamic`.

Asserts run

Pass	assert_true(true) at Test.<anonymous> ( /content-security-policy/script-src/script-src-strict_dynamic_hashes.html:58:13)