Content Security Policy violation example (external script)


This HTML file has a script-src 'unsafe-inline'; Content Security Policy and we are running eval('console.log("hello world")'); in an inline script to force a SecurityPolicyViolationEvent.

Below, you can find the error details. We are able to capture them by adding a securitypolicyviolation listener.

Try opening this page on multiple browsers to see the differences on how the violation is implemented.

If you wanna test an external script violation, check this example instead.

Violation details