jquery/test/data/csp.include.html

<!DOCTYPE html>
<html>
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<title>CSP Test Page</title>
	<script src="../../dist/jquery.min.js"></script>
	<script src="iframeTest.js"></script>
	<script src="support/csp.js"></script>
	<script src="support/getComputedSupport.js"></script>
</head>
<body>
	<p>CSP Test Page</p>
</body>
</html>
Tests: Add support for running unit tests via grunt with karma - Update QUnit to 1.23.1 - Remove unused dl#dl from test/index.html - Remove unused map#imgmap from test/index.html - Ensure all urls to data use baseURI - Add the 'grunt karma:main' task - customContextFile & customDebugFile - Add 'npm run jenkins' script Close gh-3744 Fixes gh-1999 2017-08-01 16:52:45 +00:00			`<!DOCTYPE html>`
			`<html>`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<title>CSP Test Page</title>`
Core:Manipulation: Add basic TrustedHTML support This ensures HTML wrapped in TrustedHTML can be used as an input to jQuery manipulation methods in a way that doesn't violate the `require-trusted-types-for` Content Security Policy directive. This commit builds on previous work needed for trusted types support, including gh-4642 and gh-4724. One restriction is that while any TrustedHTML wrapper should work as input for jQuery methods like `.html()` or `.append()`, for passing directly to the `jQuery` factory the string must start with `<` and end with `>`; no trailing or leading whitespaces are allowed. This is necessary as we cannot parse out a part of the input for further construction; that would violate the CSP rule - and that's what's done to HTML input not matching these constraints. No trusted types API is used explicitly in source; the majority of the work is ensuring we don't pass the input converted to string to APIs that would eventually assign it to `innerHTML`. This extra cautiousness is caused by the API being Blink-only, at least for now. The ban on passing strings to `innerHTML` means support tests relying on such assignments are impossible. We don't currently have such tests on the `main` branch but we used to have many of them in the 3.x & older lines. If there's a need to re-add such a test, we'll need an escape hatch to skip them for apps needing CSP-enforced TrustedHTML. See https://web.dev/trusted-types/ for more information about TrustedHTML. Fixes gh-4409 Closes gh-4927 Ref gh-4642 Ref gh-4724 2021-09-30 14:00:24 +00:00			`<script src="../../dist/jquery.min.js"></script>`
Tests: Add support for running unit tests via grunt with karma - Update QUnit to 1.23.1 - Remove unused dl#dl from test/index.html - Remove unused map#imgmap from test/index.html - Ensure all urls to data use baseURI - Add the 'grunt karma:main' task - customContextFile & customDebugFile - Add 'npm run jenkins' script Close gh-3744 Fixes gh-1999 2017-08-01 16:52:45 +00:00			`<script src="iframeTest.js"></script>`
			`<script src="support/csp.js"></script>`
			`<script src="support/getComputedSupport.js"></script>`
			`</head>`
			`<body>`
			`<p>CSP Test Page</p>`
			`</body>`
			`</html>`