This HTML file has a script-src 'unsafe-inline';
Content Security Policy
and we are running eval('console.log("hello world")'); in an inline script to
force a
SecurityPolicyViolationEvent.
Below, you can find the error details. We are able to capture them by adding a
securitypolicyviolation listener.
Try opening this page on multiple browsers to see the differences on how the violation is implemented.
If you wanna test an external script violation, check this example instead.