fune/dom/security/test/csp/file_strict_dynamic_unsafe_eval.html

<!DOCTYPE HTML>
<html>
<head>
  <title>Bug 1299483 - CSP: Implement 'strict-dynamic'</title>
</head>
<body>
<div id="testdiv">blocked</div>

<script nonce="foo">
  eval('document.getElementById("testdiv").innerHTML = "allowed";');
</script>

</body>
</html>