This HTML file has a script-src 'unsafe-inline'; Content Security Policy, and we are loading an external script (<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js">) to force a SecurityPolicyViolationEvent.
Below, you can find the error details. We are able to capture them by adding a securitypolicyviolation listener.
Try opening this page in multiple browsers to see the differences in how the violation is implemented.
If you want to test an eval violation, check this example instead.
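An added example (not code from the original page) of the kind of securitypolicyviolation listener described above: it copies the event's standard properties into a plain object and folds the directive name and blocked URI into forms that are easy to compare across browsers. The function names and the sample event are assumptions constructed for illustration.

```javascript
// Standard SecurityPolicyViolationEvent properties worth recording.
const FIELDS = ['violatedDirective', 'effectiveDirective', 'blockedURI',
  'documentURI', 'originalPolicy', 'disposition', 'sourceFile',
  'lineNumber', 'columnNumber', 'statusCode', 'sample'];

// Reduce a URL to its origin so paths and query strings stay out of logs.
function originOnly(uri) {
  if (!uri) return '';
  try {
    return new URL(uri).origin;
  } catch {
    return uri; // keyword values such as "inline" or "eval" are not URLs
  }
}

// Hypothetical helper: event properties are prototype getters, so
// JSON.stringify(event) drops them; copy them into a plain object first.
function summarizeViolation(event) {
  const report = {};
  for (const f of FIELDS) report[f] = event[f] ?? null;
  // The reported directive can be more specific (script-src-elem,
  // script-src-attr) than the script-src directive written in the policy.
  const directive = report.effectiveDirective || report.violatedDirective || '';
  report.directiveFamily = directive.replace(/-(elem|attr)$/, '');
  report.blockedOrigin = originOnly(report.blockedURI);
  return report;
}

// Constructed sample event mirroring this page's policy and blocked script.
function sampleViolation() {
  return {
    violatedDirective: 'script-src-elem',
    effectiveDirective: 'script-src-elem',
    blockedURI: 'https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js',
    documentURI: 'https://example.test/csp-demo.html', // placeholder URL
    originalPolicy: "script-src 'unsafe-inline';",
    disposition: 'enforce',
    statusCode: 200,
  };
}

// In a browser, attach the listener; elsewhere, print the constructed sample.
if (typeof document !== 'undefined') {
  document.addEventListener('securitypolicyviolation', (e) => {
    console.log(JSON.stringify(summarizeViolation(e), null, 2));
  });
} else {
  console.log(JSON.stringify(summarizeViolation(sampleViolation()), null, 2));
}
```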