feat(script): added testing external script injection

Author: bahmutov

test-script-injection.js

@@ -3,8 +3,14 @@
   and executing new inline scripts (script-injection attacks)
   See https://github.com/bahmutov/disable-inline-javascript-tutorial
 */
-(function testScriptInjection() {
+(function testInlineScriptInjection() {
   var el = document.createElement('script');
   el.innerText = 'alert("hi there")';
   document.body.appendChild(el); // runs the code by default
 }());
+
+(function testExternalScriptInjection() {
+  var el = document.createElement('script');
+  el.src = 'https://rawgit.com/hakimel/reveal.js/tree/master/js';
+  document.body.appendChild(el);
+}());