Step 3 states: > Assert: If body["blocked-uri"] is not "inline", then body["sample"] is the empty string. However, the eval, trusted-types-policy and trusted-types-sink resources can also provide a sample.
Step 3 states:
However, the eval, trusted-types-policy and trusted-types-sink resources can also provide a sample.