feat(snippet): Added a simple security snippet

bahmutov · bahmutov · commit d190a841725c · 2015-11-21T13:54:26.000-05:00
diff --git a/README.md b/README.md
@@ -31,6 +31,11 @@ Note: code snippets do NOT have access to the full console API, for example no a
 
 ## Snippets
 
+### Security
+
+* [test-script-injection.js](test-script-injection.js) - tries to create a new
+  inline script tag to test if page allows it.
+
 ### DOM and CPU generic performance
 
 * [boilerplate.js](boilerplate.js) - boilerplate for loading and running a remote code script
diff --git a/test-script-injection.js b/test-script-injection.js
@@ -0,0 +1,10 @@
+/*
+  This code snippet checks if the page allows creating
+  and executing new inline scripts (script-injection attacks)
+  See https://github.com/bahmutov/disable-inline-javascript-tutorial
+*/
+(function testScriptInjection() {
+  var el = document.createElement('script');
+  el.innerText = 'alert("hi there")';
+  document.body.appendChild(el); // runs the code by default
+}());
