This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
If a page has a Content Security Policy applied (spec: https://w3c.github.io/webappsec/specs/content-security-policy/), it may prevent the execution of user-supplied JavaScript via the executeScript command. This is because the injected JavaScript would have no source which could be validated by the policy. The WebDriver spec should have language describing how a driver should behave in this event.