http/tests/security/contentSecurityPolicy/javascript-url-blocked-by-default-src-star.html Description: This test is flaky failing on iOS wk2. The failures seem to have become more frequent around r257740, but it is failing back to r251695. History: https://results.webkit.org/?suite=layout-tests&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Fjavascript-url-blocked-by-default-src-star.html&platform=ios Diff: @@ -1,4 +1,6 @@ CONSOLE MESSAGE: Refused to load javascript:alert('FAIL'); because it appears in neither the object-src directive nor the default-src directive of the Content Security Policy. CONSOLE MESSAGE: Refused to load javascript:alert('FAIL'); because it appears in neither the object-src directive nor the default-src directive of the Content Security Policy. CONSOLE MESSAGE: line 1: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' appears in neither the script-src directive nor the default-src directive of the Content Security Policy. +CONSOLE MESSAGE: Refused to load javascript:alert('FAIL'); because it appears in neither the object-src directive nor the default-src directive of the Content Security Policy. +CONSOLE MESSAGE: Refused to load javascript:alert('FAIL'); because it appears in neither the object-src directive nor the default-src directive of the Content Security Policy.
<rdar://problem/60096249>
I have marked this test as failing while this issue is investigated. https://trac.webkit.org/changeset/257940/webkit