Title: [285478] trunk
Revision: 285478
Author: [email protected]
Date: 2021-11-08 18:26:15 -0800 (Mon, 08 Nov 2021)

Log Message

Implement nonce-hiding
https://bugs.webkit.org/show_bug.cgi?id=179728

Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

Update all nonce-hiding expectations as passing.
Update reflection-misc as script.nonce not being reflected; this matches Chromium's results.

* web-platform-tests/content-security-policy/nonce-hiding/nonces-expected.txt:
* web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-expected.txt:
* web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub-expected.txt:
* web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt:
* web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt:
* web-platform-tests/html/dom/idlharness.https-expected.txt:
* web-platform-tests/html/dom/reflection-misc-expected.txt:

Source/WebCore:

This is a hardening technique implemented by both Firefox and Chromium.

The behavior is documented here: https://html.spec.whatwg.org/multipage/urls-and-fetching.html#nonce-attributes

* dom/Element.cpp:
(WebCore::Element::nonce const):
(WebCore::Element::setNonce):
(WebCore::Element::hideNonce):
(WebCore::Element::attributeChanged):
(WebCore::Element::cloneAttributesFromElement):
* dom/Element.h:
* dom/ElementRareData.cpp:
* dom/ElementRareData.h:
(WebCore::ElementRareData::nonce const):
(WebCore::ElementRareData::setNonce):
(WebCore::ElementRareData::useTypes const):
* dom/InlineClassicScript.cpp:
(WebCore::InlineClassicScript::create):
* dom/InlineStyleSheetOwner.cpp:
(WebCore::InlineStyleSheetOwner::createSheet):
* dom/NodeRareData.h:
* dom/ScriptElement.cpp:
(WebCore::ScriptElement::requestClassicScript):
(WebCore::ScriptElement::requestModuleScript):
(WebCore::ScriptElement::executeClassicScript):
* html/HTMLElement.cpp:
(WebCore::HTMLElement::insertedIntoAncestor):
* html/HTMLElement.h:
* html/HTMLOrForeignElement.idl:
* html/HTMLScriptElement.idl:
* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::didReceiveHeader):
* page/csp/ContentSecurityPolicy.h:
(WebCore::ContentSecurityPolicy::isHeaderDelivered const):
* svg/SVGElement.cpp:
(WebCore::SVGElement::insertedIntoAncestor):

LayoutTests:

Update expectations for nonce IDL as PASSing.

* platform/gtk/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
* platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
* platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt:
* platform/ipad/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
* platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
* platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
* platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt:
* platform/wpe/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:

Diff

Modified: trunk/LayoutTests/ChangeLog (285477 => 285478)


--- trunk/LayoutTests/ChangeLog	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/ChangeLog	2021-11-09 02:26:15 UTC (rev 285478)
@@ -1,3 +1,21 @@
+2021-11-08  Patrick Griffis  <[email protected]>
+
+        Implement nonce-hiding
+        https://bugs.webkit.org/show_bug.cgi?id=179728
+
+        Reviewed by Chris Dumez.
+
+        Update expectations for nonce IDL as PASSing.
+
+        * platform/gtk/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
+        * platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
+        * platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt:
+        * platform/ipad/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
+        * platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
+        * platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
+        * platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt:
+        * platform/wpe/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
+
 2021-11-08  Chris Dumez  <[email protected]>
 
         REGRESSION (r283935): [ macOS wk1 ] imported/w3c/web-platform-tests/html/semantics/interactive-elements/the-dialog-element/dialog-autofocus-multiple-times.html is a flaky failure
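
Review bot: The description in this entry, "Update expectations for nonce IDL as PASSing", does not cover the two reflection-misc-expected.txt files listed under platform/ios-wk2 and platform/mac-wk2; in this revision the ios-wk2 copy moves seventeen "script.nonce: IDL set to ..." lines from PASS to FAIL. Suggest adding the sentence used in the imported/w3c ChangeLog about script.nonce no longer being reflected, so that someone reading this ChangeLog alone does not take those FAIL lines for an accidental rebaseline.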

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (285477 => 285478)


--- trunk/LayoutTests/imported/w3c/ChangeLog	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2021-11-09 02:26:15 UTC (rev 285478)
@@ -1,3 +1,21 @@
+2021-11-08  Patrick Griffis  <[email protected]>
+
+        Implement nonce-hiding
+        https://bugs.webkit.org/show_bug.cgi?id=179728
+
+        Reviewed by Chris Dumez.
+
+        Update all nonce-hiding expectations as passing.
+        Update reflection-misc as script.nonce not being reflected, this matches Chromiums results.
+
+        * web-platform-tests/content-security-policy/nonce-hiding/nonces-expected.txt:
+        * web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-expected.txt:
+        * web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub-expected.txt:
+        * web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt:
+        * web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt:
+        * web-platform-tests/html/dom/idlharness.https-expected.txt:
+        * web-platform-tests/html/dom/reflection-misc-expected.txt:
+
 2021-11-08  Chris Dumez  <[email protected]>
 
         Add abort reason to AbortSignal

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/nonces-expected.txt (285477 => 285478)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/nonces-expected.txt	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/nonces-expected.txt	2021-11-09 02:26:15 UTC (rev 285478)
@@ -1,20 +1,20 @@
 
-FAIL Basic nonce tests for meh in HTML namespace assert_equals: Initial IDL attribute value expected (string) "" but got (undefined) undefined
-FAIL Ensure that removal of content attribute does not affect IDL attribute for meh in HTML namespace assert_equals: IDL attribute is modified after content attribute set expected (string) "x" but got (undefined) undefined
-FAIL Test empty nonces for meh in HTML namespace assert_equals: expected (string) "" but got (undefined) undefined
-FAIL Basic nonce tests for div in HTML namespace assert_equals: Initial IDL attribute value expected (string) "" but got (undefined) undefined
-FAIL Ensure that removal of content attribute does not affect IDL attribute for div in HTML namespace assert_equals: IDL attribute is modified after content attribute set expected (string) "x" but got (undefined) undefined
-FAIL Test empty nonces for div in HTML namespace assert_equals: expected (string) "" but got (undefined) undefined
-FAIL Basic nonce tests for script in HTML namespace assert_equals: Content attribute is changed after element insertion expected "" but got "x"
+PASS Basic nonce tests for meh in HTML namespace
+PASS Ensure that removal of content attribute does not affect IDL attribute for meh in HTML namespace
+PASS Test empty nonces for meh in HTML namespace
+PASS Basic nonce tests for div in HTML namespace
+PASS Ensure that removal of content attribute does not affect IDL attribute for div in HTML namespace
+PASS Test empty nonces for div in HTML namespace
+PASS Basic nonce tests for script in HTML namespace
 PASS Ensure that removal of content attribute does not affect IDL attribute for script in HTML namespace
 PASS Test empty nonces for script in HTML namespace
-FAIL Basic nonce tests for meh in SVG namespace assert_equals: Initial IDL attribute value expected (string) "" but got (undefined) undefined
-FAIL Ensure that removal of content attribute does not affect IDL attribute for meh in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected (string) "x" but got (undefined) undefined
-FAIL Test empty nonces for meh in SVG namespace assert_equals: expected (string) "" but got (undefined) undefined
-FAIL Basic nonce tests for svg in SVG namespace assert_equals: Initial IDL attribute value expected (string) "" but got (undefined) undefined
-FAIL Ensure that removal of content attribute does not affect IDL attribute for svg in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected (string) "x" but got (undefined) undefined
-FAIL Test empty nonces for svg in SVG namespace assert_equals: expected (string) "" but got (undefined) undefined
-FAIL Basic nonce tests for script in SVG namespace assert_equals: Initial IDL attribute value expected (string) "" but got (undefined) undefined
-FAIL Ensure that removal of content attribute does not affect IDL attribute for script in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected (string) "x" but got (undefined) undefined
-FAIL Test empty nonces for script in SVG namespace assert_equals: expected (string) "" but got (undefined) undefined
+PASS Basic nonce tests for meh in SVG namespace
+PASS Ensure that removal of content attribute does not affect IDL attribute for meh in SVG namespace
+PASS Test empty nonces for meh in SVG namespace
+PASS Basic nonce tests for svg in SVG namespace
+PASS Ensure that removal of content attribute does not affect IDL attribute for svg in SVG namespace
+PASS Test empty nonces for svg in SVG namespace
+PASS Basic nonce tests for script in SVG namespace
+PASS Ensure that removal of content attribute does not affect IDL attribute for script in SVG namespace
+PASS Test empty nonces for script in SVG namespace
 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-expected.txt (285477 => 285478)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-expected.txt	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-expected.txt	2021-11-09 02:26:15 UTC (rev 285478)
@@ -1,15 +1,14 @@
 
-FAIL Reading 'nonce' content attribute and IDL attribute. assert_equals: expected Element node <script nonce="abc" id="testScript" executed="yay">
-  doc... but got null
-FAIL Cloned node retains nonce. assert_equals: expected "" but got "abc"
-FAIL Cloned node retains nonce when inserted. assert_equals: expected "" but got "abc"
+PASS Reading 'nonce' content attribute and IDL attribute.
+PASS Cloned node retains nonce.
+PASS Cloned node retains nonce when inserted.
 PASS Writing 'nonce' content attribute.
-FAIL Writing 'nonce' IDL attribute. assert_equals: expected "foo" but got "bar"
+PASS Writing 'nonce' IDL attribute.
 PASS Document-written script executes.
-FAIL Document-written script's nonce value. assert_equals: expected "" but got "abc"
-FAIL createElement.nonce. assert_equals: expected (object) null but got (string) "abc"
-FAIL setAttribute('nonce') overwrites '.nonce' upon insertion. assert_equals: expected "" but got "abc"
-FAIL createElement.setAttribute. assert_equals: Post-insertion content expected "" but got "abc"
-FAIL Custom elements expose the correct events. assert_object_equals: AttributeChanged 2 value is undefined, expected object
-FAIL Nonces don't leak via CSS side-channels. assert_equals: expected "none" but got "url(\"http://localhost:8800/security/resources/abe.png\")"
+PASS Document-written script's nonce value.
+PASS createElement.nonce.
+PASS setAttribute('nonce') overwrites '.nonce' upon insertion.
+PASS createElement.setAttribute.
+PASS Custom elements expose the correct events.
+PASS Nonces don't leak via CSS side-channels.
 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub-expected.txt (285477 => 285478)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub-expected.txt	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub-expected.txt	2021-11-09 02:26:15 UTC (rev 285478)
@@ -3,10 +3,10 @@
 PASS Cloned node retains nonce.
 PASS Cloned node retains nonce when inserted.
 PASS Writing 'nonce' content attribute.
-FAIL Writing 'nonce' IDL attribute. assert_equals: expected "foo" but got "bar"
+PASS Writing 'nonce' IDL attribute.
 PASS Document-written script executes.
 PASS Document-written script's nonce value.
-FAIL createElement.nonce. assert_equals: expected (object) null but got (string) "abc"
+PASS createElement.nonce.
 PASS setAttribute('nonce') overwrites '.nonce' upon insertion.
 PASS createElement.setAttribute.
 PASS Nonces leak via CSS side-channels.
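
Review bot: The last context line, "PASS Nonces leak via CSS side-channels.", is the opposite of what the header-delivered variant now asserts ("PASS Nonces don't leak via CSS side-channels." in script-nonces-hidden-expected.txt), so the nonce content attribute stays visible to CSS when the policy comes from a meta element. That is consistent with the isHeaderDelivered accessor listed in the log message, but the Source/WebCore entry only calls this "a hardening technique"; suggest stating there that hiding applies only to header-delivered policies, since a site that ships its CSP in a meta tag gets none of this protection.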

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt (285477 => 285478)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt	2021-11-09 02:26:15 UTC (rev 285478)
@@ -1,13 +1,12 @@
 
 
-FAIL Reading 'nonce' content attribute and IDL attribute. assert_equals: expected Element node <script nonce="abc" id="testScript" executed="yay">
-    d... but got null
-FAIL Cloned node retains nonce. assert_equals: IDL attribute expected (string) "abc" but got (undefined) undefined
-FAIL Cloned node retains nonce when inserted. assert_equals: expected (string) "abc" but got (undefined) undefined
-FAIL Writing 'nonce' content attribute. assert_equals: expected (string) "foo" but got (undefined) undefined
+PASS Reading 'nonce' content attribute and IDL attribute.
+PASS Cloned node retains nonce.
+PASS Cloned node retains nonce when inserted.
+PASS Writing 'nonce' content attribute.
 PASS Writing 'nonce' IDL attribute.
 PASS Document-written script executes.
-FAIL Document-written script's nonce value. assert_equals: expected "" but got "abc"
-FAIL createElement.nonce. assert_equals: expected (object) null but got (string) "abc"
-FAIL createElement.setAttribute. assert_equals: Post-insertion content expected "" but got "abc"
+PASS Document-written script's nonce value.
+PASS createElement.nonce.
+PASS createElement.setAttribute.
 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt (285477 => 285478)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt	2021-11-09 02:26:15 UTC (rev 285478)
@@ -1,12 +1,12 @@
  undefined
 
-FAIL Reading 'nonce' content attribute and IDL attribute. assert_equals: expected (string) "abc" but got (undefined) undefined
-FAIL Cloned node retains nonce. assert_equals: IDL attribute expected (string) "abc" but got (undefined) undefined
-FAIL Cloned node retains nonce when inserted. assert_equals: expected (string) "abc" but got (undefined) undefined
-FAIL Writing 'nonce' content attribute. assert_equals: expected (string) "foo" but got (undefined) undefined
+PASS Reading 'nonce' content attribute and IDL attribute.
+PASS Cloned node retains nonce.
+PASS Cloned node retains nonce when inserted.
+PASS Writing 'nonce' content attribute.
 PASS Writing 'nonce' IDL attribute.
 PASS Document-written script executes.
-FAIL Document-written script's nonce value. assert_equals: expected (string) "abc" but got (undefined) undefined
+PASS Document-written script's nonce value.
 PASS createElement.nonce.
 PASS createElement.setAttribute.
 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (285477 => 285478)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt	2021-11-09 02:26:15 UTC (rev 285478)
@@ -196,7 +196,7 @@
 PASS HTMLElement interface: attribute isContentEditable
 PASS HTMLElement interface: attribute inputMode
 PASS HTMLElement interface: attribute dataset
-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS HTMLElement interface: attribute nonce
 FAIL HTMLElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
 PASS HTMLElement interface: attribute tabIndex
 PASS HTMLElement interface: operation focus(FocusOptions)
@@ -286,7 +286,7 @@
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "isContentEditable" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
 FAIL HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type assert_inherits: property "autofocus" not found in prototype chain
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "focus(FocusOptions)" with the proper type
@@ -5096,7 +5096,7 @@
 PASS SVGElement interface: attribute oncut
 PASS SVGElement interface: attribute onpaste
 PASS SVGElement interface: attribute dataset
-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS SVGElement interface: attribute nonce
 FAIL SVGElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
 PASS SVGElement interface: attribute tabIndex
 PASS SVGElement interface: operation focus(FocusOptions)

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt (285477 => 285478)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt	2021-11-09 02:26:15 UTC (rev 285478)
@@ -967,23 +967,23 @@
 PASS script.nonce: setAttribute() to null
 PASS script.nonce: setAttribute() to object "test-toString"
 PASS script.nonce: setAttribute() to object "test-valueOf"
-PASS script.nonce: IDL set to ""
-PASS script.nonce: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo "
-PASS script.nonce: IDL set to undefined
-PASS script.nonce: IDL set to 7
-PASS script.nonce: IDL set to 1.5
-PASS script.nonce: IDL set to "5%"
-PASS script.nonce: IDL set to "+100"
-PASS script.nonce: IDL set to ".5"
-PASS script.nonce: IDL set to true
-PASS script.nonce: IDL set to false
-PASS script.nonce: IDL set to object "[object Object]"
-PASS script.nonce: IDL set to NaN
-PASS script.nonce: IDL set to Infinity
-PASS script.nonce: IDL set to -Infinity
-PASS script.nonce: IDL set to "\0"
-PASS script.nonce: IDL set to null
-PASS script.nonce: IDL set to object "test-toString"
+FAIL script.nonce: IDL set to "" assert_equals: getAttribute() expected "" but got "test-valueOf"
+FAIL script.nonce: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo " assert_equals: getAttribute() expected " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo " but got "test-valueOf"
+FAIL script.nonce: IDL set to undefined assert_equals: getAttribute() expected "undefined" but got "test-valueOf"
+FAIL script.nonce: IDL set to 7 assert_equals: getAttribute() expected "7" but got "test-valueOf"
+FAIL script.nonce: IDL set to 1.5 assert_equals: getAttribute() expected "1.5" but got "test-valueOf"
+FAIL script.nonce: IDL set to "5%" assert_equals: getAttribute() expected "5%" but got "test-valueOf"
+FAIL script.nonce: IDL set to "+100" assert_equals: getAttribute() expected "+100" but got "test-valueOf"
+FAIL script.nonce: IDL set to ".5" assert_equals: getAttribute() expected ".5" but got "test-valueOf"
+FAIL script.nonce: IDL set to true assert_equals: getAttribute() expected "true" but got "test-valueOf"
+FAIL script.nonce: IDL set to false assert_equals: getAttribute() expected "false" but got "test-valueOf"
+FAIL script.nonce: IDL set to object "[object Object]" assert_equals: getAttribute() expected "[object Object]" but got "test-valueOf"
+FAIL script.nonce: IDL set to NaN assert_equals: getAttribute() expected "NaN" but got "test-valueOf"
+FAIL script.nonce: IDL set to Infinity assert_equals: getAttribute() expected "Infinity" but got "test-valueOf"
+FAIL script.nonce: IDL set to -Infinity assert_equals: getAttribute() expected "-Infinity" but got "test-valueOf"
+FAIL script.nonce: IDL set to "\0" assert_equals: getAttribute() expected "\0" but got "test-valueOf"
+FAIL script.nonce: IDL set to null assert_equals: getAttribute() expected "null" but got "test-valueOf"
+FAIL script.nonce: IDL set to object "test-toString" assert_equals: getAttribute() expected "test-toString" but got "test-valueOf"
 PASS script.nonce: IDL set to object "test-valueOf"
 PASS script.integrity: typeof IDL attribute
 PASS script.integrity: IDL get with DOM attribute unset
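
Review bot: These seventeen "IDL set to" lines are checked in as FAIL with getAttribute() still returning "test-valueOf", the value left by the preceding setAttribute() subtest, which is what you get once the nonce setter writes to the internal slot and no longer touches the content attribute. Since that is intended, a FAIL baseline in a generic reflection test will read as a regression to the next person rebaselining; suggest filing a web-platform-tests issue to stop treating script.nonce as a reflected attribute and referencing it in the ChangeLog, so these lines can return to PASS when the test is fixed upstream.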

Modified: trunk/LayoutTests/platform/gtk/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (285477 => 285478)


--- trunk/LayoutTests/platform/gtk/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/platform/gtk/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt	2021-11-09 02:26:15 UTC (rev 285478)
@@ -334,7 +334,7 @@
 PASS HTMLElement interface: attribute isContentEditable
 PASS HTMLElement interface: attribute inputMode
 PASS HTMLElement interface: attribute dataset
-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS HTMLElement interface: attribute nonce
 PASS HTMLElement interface: attribute autofocus
 PASS HTMLElement interface: attribute tabIndex
 PASS HTMLElement interface: operation focus(optional FocusOptions)
@@ -429,7 +429,7 @@
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "isContentEditable" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "focus(optional FocusOptions)" with the proper type
@@ -5335,7 +5335,7 @@
 PASS SVGElement interface: attribute oncut
 PASS SVGElement interface: attribute onpaste
 PASS SVGElement interface: attribute dataset
-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS SVGElement interface: attribute nonce
 PASS SVGElement interface: attribute autofocus
 PASS SVGElement interface: attribute tabIndex
 PASS SVGElement interface: operation focus(optional FocusOptions)

Modified: trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (285477 => 285478)


--- trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt	2021-11-09 02:26:15 UTC (rev 285478)
@@ -334,7 +334,7 @@
 PASS HTMLElement interface: attribute isContentEditable
 PASS HTMLElement interface: attribute inputMode
 PASS HTMLElement interface: attribute dataset
-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS HTMLElement interface: attribute nonce
 FAIL HTMLElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
 PASS HTMLElement interface: attribute tabIndex
 PASS HTMLElement interface: operation focus(optional FocusOptions)
@@ -429,7 +429,7 @@
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "isContentEditable" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
 FAIL HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type assert_inherits: property "autofocus" not found in prototype chain
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "focus(optional FocusOptions)" with the proper type
@@ -5325,7 +5325,7 @@
 PASS SVGElement interface: attribute oncut
 PASS SVGElement interface: attribute onpaste
 PASS SVGElement interface: attribute dataset
-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS SVGElement interface: attribute nonce
 FAIL SVGElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
 PASS SVGElement interface: attribute tabIndex
 PASS SVGElement interface: operation focus(optional FocusOptions)

Modified: trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt (285477 => 285478)


--- trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt	2021-11-09 02:26:15 UTC (rev 285478)
@@ -967,23 +967,23 @@
 PASS script.nonce: setAttribute() to null
 PASS script.nonce: setAttribute() to object "test-toString"
 PASS script.nonce: setAttribute() to object "test-valueOf"
-PASS script.nonce: IDL set to ""
-PASS script.nonce: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo "
-PASS script.nonce: IDL set to undefined
-PASS script.nonce: IDL set to 7
-PASS script.nonce: IDL set to 1.5
-PASS script.nonce: IDL set to "5%"
-PASS script.nonce: IDL set to "+100"
-PASS script.nonce: IDL set to ".5"
-PASS script.nonce: IDL set to true
-PASS script.nonce: IDL set to false
-PASS script.nonce: IDL set to object "[object Object]"
-PASS script.nonce: IDL set to NaN
-PASS script.nonce: IDL set to Infinity
-PASS script.nonce: IDL set to -Infinity
-PASS script.nonce: IDL set to "\0"
-PASS script.nonce: IDL set to null
-PASS script.nonce: IDL set to object "test-toString"
+FAIL script.nonce: IDL set to "" assert_equals: getAttribute() expected "" but got "test-valueOf"
+FAIL script.nonce: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo " assert_equals: getAttribute() expected " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo " but got "test-valueOf"
+FAIL script.nonce: IDL set to undefined assert_equals: getAttribute() expected "undefined" but got "test-valueOf"
+FAIL script.nonce: IDL set to 7 assert_equals: getAttribute() expected "7" but got "test-valueOf"
+FAIL script.nonce: IDL set to 1.5 assert_equals: getAttribute() expected "1.5" but got "test-valueOf"
+FAIL script.nonce: IDL set to "5%" assert_equals: getAttribute() expected "5%" but got "test-valueOf"
+FAIL script.nonce: IDL set to "+100" assert_equals: getAttribute() expected "+100" but got "test-valueOf"
+FAIL script.nonce: IDL set to ".5" assert_equals: getAttribute() expected ".5" but got "test-valueOf"
+FAIL script.nonce: IDL set to true assert_equals: getAttribute() expected "true" but got "test-valueOf"
+FAIL script.nonce: IDL set to false assert_equals: getAttribute() expected "false" but got "test-valueOf"
+FAIL script.nonce: IDL set to object "[object Object]" assert_equals: getAttribute() expected "[object Object]" but got "test-valueOf"
+FAIL script.nonce: IDL set to NaN assert_equals: getAttribute() expected "NaN" but got "test-valueOf"
+FAIL script.nonce: IDL set to Infinity assert_equals: getAttribute() expected "Infinity" but got "test-valueOf"
+FAIL script.nonce: IDL set to -Infinity assert_equals: getAttribute() expected "-Infinity" but got "test-valueOf"
+FAIL script.nonce: IDL set to "\0" assert_equals: getAttribute() expected "\0" but got "test-valueOf"
+FAIL script.nonce: IDL set to null assert_equals: getAttribute() expected "null" but got "test-valueOf"
+FAIL script.nonce: IDL set to object "test-toString" assert_equals: getAttribute() expected "test-toString" but got "test-valueOf"
 PASS script.nonce: IDL set to object "test-valueOf"
 PASS script.integrity: typeof IDL attribute
 PASS script.integrity: IDL get with DOM attribute unset

Modified: trunk/LayoutTests/platform/ipad/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (285477 => 285478)


--- trunk/LayoutTests/platform/ipad/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/platform/ipad/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt	2021-11-09 02:26:15 UTC (rev 285478)
@@ -334,7 +334,7 @@
 PASS HTMLElement interface: attribute isContentEditable
 PASS HTMLElement interface: attribute inputMode
 PASS HTMLElement interface: attribute dataset
-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS HTMLElement interface: attribute nonce
 FAIL HTMLElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
 PASS HTMLElement interface: attribute tabIndex
 PASS HTMLElement interface: operation focus(optional FocusOptions)
@@ -429,7 +429,7 @@
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "isContentEditable" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
 FAIL HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type assert_inherits: property "autofocus" not found in prototype chain
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "focus(optional FocusOptions)" with the proper type
@@ -5335,7 +5335,7 @@
 PASS SVGElement interface: attribute oncut
 PASS SVGElement interface: attribute onpaste
 PASS SVGElement interface: attribute dataset
-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS SVGElement interface: attribute nonce
 FAIL SVGElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
 PASS SVGElement interface: attribute tabIndex
 PASS SVGElement interface: operation focus(optional FocusOptions)

Modified: trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (285477 => 285478)


--- trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt	2021-11-09 02:26:15 UTC (rev 285478)
@@ -336,7 +336,7 @@
 PASS HTMLElement interface: attribute isContentEditable
 PASS HTMLElement interface: attribute inputMode
 PASS HTMLElement interface: attribute dataset
-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS HTMLElement interface: attribute nonce
 PASS HTMLElement interface: attribute autofocus
 PASS HTMLElement interface: attribute tabIndex
 PASS HTMLElement interface: operation focus(optional FocusOptions)
@@ -433,7 +433,7 @@
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "isContentEditable" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "focus(optional FocusOptions)" with the proper type
@@ -5372,7 +5372,7 @@
 PASS SVGElement interface: attribute oncut
 PASS SVGElement interface: attribute onpaste
 PASS SVGElement interface: attribute dataset
-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS SVGElement interface: attribute nonce
 PASS SVGElement interface: attribute autofocus
 PASS SVGElement interface: attribute tabIndex
 PASS SVGElement interface: operation focus(optional FocusOptions)

Modified: trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (285477 => 285478)


--- trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt	2021-11-09 02:26:15 UTC (rev 285478)
@@ -334,7 +334,7 @@
 PASS HTMLElement interface: attribute isContentEditable
 PASS HTMLElement interface: attribute inputMode
 PASS HTMLElement interface: attribute dataset
-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS HTMLElement interface: attribute nonce
 PASS HTMLElement interface: attribute autofocus
 PASS HTMLElement interface: attribute tabIndex
 PASS HTMLElement interface: operation focus(optional FocusOptions)
@@ -429,7 +429,7 @@
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "isContentEditable" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "focus(optional FocusOptions)" with the proper type
@@ -5335,7 +5335,7 @@
 PASS SVGElement interface: attribute oncut
 PASS SVGElement interface: attribute onpaste
 PASS SVGElement interface: attribute dataset
-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS SVGElement interface: attribute nonce
 PASS SVGElement interface: attribute autofocus
 PASS SVGElement interface: attribute tabIndex
 PASS SVGElement interface: operation focus(optional FocusOptions)

Modified: trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt (285477 => 285478)


--- trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt	2021-11-09 02:26:15 UTC (rev 285478)
@@ -967,23 +967,23 @@
 PASS script.nonce: setAttribute() to null
 PASS script.nonce: setAttribute() to object "test-toString"
 PASS script.nonce: setAttribute() to object "test-valueOf"
-PASS script.nonce: IDL set to ""
-PASS script.nonce: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo "
-PASS script.nonce: IDL set to undefined
-PASS script.nonce: IDL set to 7
-PASS script.nonce: IDL set to 1.5
-PASS script.nonce: IDL set to "5%"
-PASS script.nonce: IDL set to "+100"
-PASS script.nonce: IDL set to ".5"
-PASS script.nonce: IDL set to true
-PASS script.nonce: IDL set to false
-PASS script.nonce: IDL set to object "[object Object]"
-PASS script.nonce: IDL set to NaN
-PASS script.nonce: IDL set to Infinity
-PASS script.nonce: IDL set to -Infinity
-PASS script.nonce: IDL set to "\0"
-PASS script.nonce: IDL set to null
-PASS script.nonce: IDL set to object "test-toString"
+FAIL script.nonce: IDL set to "" assert_equals: getAttribute() expected "" but got "test-valueOf"
+FAIL script.nonce: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo " assert_equals: getAttribute() expected " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo " but got "test-valueOf"
+FAIL script.nonce: IDL set to undefined assert_equals: getAttribute() expected "undefined" but got "test-valueOf"
+FAIL script.nonce: IDL set to 7 assert_equals: getAttribute() expected "7" but got "test-valueOf"
+FAIL script.nonce: IDL set to 1.5 assert_equals: getAttribute() expected "1.5" but got "test-valueOf"
+FAIL script.nonce: IDL set to "5%" assert_equals: getAttribute() expected "5%" but got "test-valueOf"
+FAIL script.nonce: IDL set to "+100" assert_equals: getAttribute() expected "+100" but got "test-valueOf"
+FAIL script.nonce: IDL set to ".5" assert_equals: getAttribute() expected ".5" but got "test-valueOf"
+FAIL script.nonce: IDL set to true assert_equals: getAttribute() expected "true" but got "test-valueOf"
+FAIL script.nonce: IDL set to false assert_equals: getAttribute() expected "false" but got "test-valueOf"
+FAIL script.nonce: IDL set to object "[object Object]" assert_equals: getAttribute() expected "[object Object]" but got "test-valueOf"
+FAIL script.nonce: IDL set to NaN assert_equals: getAttribute() expected "NaN" but got "test-valueOf"
+FAIL script.nonce: IDL set to Infinity assert_equals: getAttribute() expected "Infinity" but got "test-valueOf"
+FAIL script.nonce: IDL set to -Infinity assert_equals: getAttribute() expected "-Infinity" but got "test-valueOf"
+FAIL script.nonce: IDL set to "\0" assert_equals: getAttribute() expected "\0" but got "test-valueOf"
+FAIL script.nonce: IDL set to null assert_equals: getAttribute() expected "null" but got "test-valueOf"
+FAIL script.nonce: IDL set to object "test-toString" assert_equals: getAttribute() expected "test-toString" but got "test-valueOf"
 PASS script.nonce: IDL set to object "test-valueOf"
 PASS script.integrity: typeof IDL attribute
 PASS script.integrity: IDL get with DOM attribute unset
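
Review bot: All 17 "IDL set" cases for script.nonce flip from PASS to FAIL in this hunk, each with getAttribute() still returning "test-valueOf", and the same block is baselined in another platform-specific copy of this file. The log message says this matches Chromium, so the stale part is the test's assumption that nonce reflects to the content attribute. Please reference a tracking bug for the upstream test next to these expectations or in the ChangeLog, so that a later real regression in the setter is not hidden behind already-expected FAIL lines.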

Modified: trunk/LayoutTests/platform/wpe/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (285477 => 285478)


--- trunk/LayoutTests/platform/wpe/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/platform/wpe/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt	2021-11-09 02:26:15 UTC (rev 285478)
@@ -334,7 +334,7 @@
 PASS HTMLElement interface: attribute isContentEditable
 PASS HTMLElement interface: attribute inputMode
 PASS HTMLElement interface: attribute dataset
-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS HTMLElement interface: attribute nonce
 FAIL HTMLElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
 PASS HTMLElement interface: attribute tabIndex
 PASS HTMLElement interface: operation focus(optional FocusOptions)
@@ -429,7 +429,7 @@
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "isContentEditable" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
 FAIL HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type assert_inherits: property "autofocus" not found in prototype chain
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "focus(optional FocusOptions)" with the proper type
@@ -5335,7 +5335,7 @@
 PASS SVGElement interface: attribute oncut
 PASS SVGElement interface: attribute onpaste
 PASS SVGElement interface: attribute dataset
-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS SVGElement interface: attribute nonce
 FAIL SVGElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
 PASS SVGElement interface: attribute tabIndex
 PASS SVGElement interface: operation focus(optional FocusOptions)

Modified: trunk/Source/WebCore/ChangeLog (285477 => 285478)


--- trunk/Source/WebCore/ChangeLog	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/ChangeLog	2021-11-09 02:26:15 UTC (rev 285478)
@@ -1,3 +1,47 @@
+2021-11-08  Patrick Griffis  <[email protected]>
+
+        Implement nonce-hiding
+        https://bugs.webkit.org/show_bug.cgi?id=179728
+
+        Reviewed by Chris Dumez.
+
+        This is a hardening technique implemented by both Firefox and Chromium.
+
+        The behavior is documented here: https://html.spec.whatwg.org/multipage/urls-and-fetching.html#nonce-attributes
+
+        * dom/Element.cpp:
+        (WebCore::Element::nonce const):
+        (WebCore::Element::setNonce):
+        (WebCore::Element::hideNonce):
+        (WebCore::Element::attributeChanged):
+        (WebCore::Element::cloneAttributesFromElement):
+        * dom/Element.h:
+        * dom/ElementRareData.cpp:
+        * dom/ElementRareData.h:
+        (WebCore::ElementRareData::nonce const):
+        (WebCore::ElementRareData::setNonce):
+        (WebCore::ElementRareData::useTypes const):
+        * dom/InlineClassicScript.cpp:
+        (WebCore::InlineClassicScript::create):
+        * dom/InlineStyleSheetOwner.cpp:
+        (WebCore::InlineStyleSheetOwner::createSheet):
+        * dom/NodeRareData.h:
+        * dom/ScriptElement.cpp:
+        (WebCore::ScriptElement::requestClassicScript):
+        (WebCore::ScriptElement::requestModuleScript):
+        (WebCore::ScriptElement::executeClassicScript):
+        * html/HTMLElement.cpp:
+        (WebCore::HTMLElement::insertedIntoAncestor):
+        * html/HTMLElement.h:
+        * html/HTMLOrForeignElement.idl:
+        * html/HTMLScriptElement.idl:
+        * page/csp/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::didReceiveHeader):
+        * page/csp/ContentSecurityPolicy.h:
+        (WebCore::ContentSecurityPolicy::isHeaderDelivered const):
+        * svg/SVGElement.cpp:
+        (WebCore::SVGElement::insertedIntoAncestor):
+
 2021-11-08  J Pascoe  <[email protected]>
 
         [WebAuthn] challenge does not get passed to -[_WKWebAuthenticationPanel getAssertionWithChallenge:origin:options:completionHandler:]

Modified: trunk/Source/WebCore/dom/Element.cpp (285477 => 285478)


--- trunk/Source/WebCore/dom/Element.cpp	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/dom/Element.cpp	2021-11-09 02:26:15 UTC (rev 285478)
@@ -314,6 +314,38 @@
     return -1;
 }
 
+const AtomString& Element::nonce() const
+{
+    return hasRareData() ? elementRareData()->nonce() : emptyAtom();
+}
+
+void Element::setNonce(const AtomString& newValue)
+{
+    if (newValue == emptyAtom() && !hasRareData())
+        return;
+
+    ensureElementRareData().setNonce(newValue);
+}
+
+void Element::hideNonce()
+{
+    // https://html.spec.whatwg.org/multipage/urls-and-fetching.html#nonce-attributes
+    if (!isConnected())
+        return;
+
+    const auto& csp = document().contentSecurityPolicy();
+    if (!csp->isHeaderDelivered())
+        return;
+
+    // Retain previous IDL nonce.
+    AtomString currentNonce = nonce();
+
+    if (!getAttribute(nonceAttr).isEmpty())
+        setAttribute(nonceAttr, emptyAtom());
+
+    setNonce(currentNonce);
+}
+
 bool Element::supportsFocus() const
 {
     return !!tabIndexSetExplicitly();
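
Review bot: In Element::hideNonce() the result of document().contentSecurityPolicy() is dereferenced as csp->isHeaderDelivered() with no null check or ASSERT, while InlineStyleSheetOwner::createSheet and ScriptElement::executeClassicScript in this same patch ASSERT the policy before using it; add the same ASSERT or an early return here. The "Retain previous IDL nonce" comment should also say why the save and restore is needed: setAttribute(nonceAttr, emptyAtom()) goes through attributeChanged(), which overwrites the stored nonce with the empty value.
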
@@ -1860,7 +1892,10 @@
                 treeScope().idTargetObserverRegistry().notifyObservers(*newValue.impl());
         } else if (name == HTMLNames::nameAttr)
             elementData()->setHasNameAttribute(!newValue.isNull());
-        else if (name == HTMLNames::pseudoAttr) {
+        else if (name == HTMLNames::nonceAttr) {
+            if (is<HTMLElement>(*this) || is<SVGElement>(*this))
+                setNonce(newValue.isNull() ? emptyAtom() : newValue);
+        } else if (name == HTMLNames::pseudoAttr) {
             if (needsStyleInvalidation() && isInShadowTree())
                 invalidateStyleForSubtree();
         } else if (name == HTMLNames::slotAttr) {
@@ -4483,6 +4518,8 @@
 
     for (const Attribute& attribute : attributesIterator())
         attributeChanged(attribute.name(), nullAtom(), attribute.value(), ModifiedByCloning);
+
+    setNonce(other.nonce());
 }
 
 void Element::cloneDataFromElement(const Element& other)
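
Review bot: The trailing setNonce(other.nonce()) in cloneAttributesFromElement only works because it runs after the attributeChanged() loop, which has just set the stored nonce from the content attribute (empty once the source element's nonce has been hidden). A one-line comment stating that ordering requirement would keep the call from being moved or dropped later. It also runs for every element type, whereas attributeChanged() limits nonce storage to HTMLElement and SVGElement; either apply the same guard or note that other.nonce() is always empty for other types.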

Modified: trunk/Source/WebCore/dom/Element.h (285477 => 285478)


--- trunk/Source/WebCore/dom/Element.h	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/dom/Element.h	2021-11-09 02:26:15 UTC (rev 285478)
@@ -359,6 +359,11 @@
     WEBCORE_EXPORT void setTabIndexForBindings(int);
     virtual RefPtr<Element> focusDelegate();
 
+    // Used by the HTMLElement and SVGElement IDLs.
+    WEBCORE_EXPORT const AtomString& nonce() const;
+    WEBCORE_EXPORT void setNonce(const AtomString&);
+    void hideNonce();
+
     ExceptionOr<void> insertAdjacentHTML(const String& where, const String& html, NodeVector* addedNodes);
 
     WEBCORE_EXPORT ExceptionOr<Element*> insertAdjacentElement(const String& where, Element& newChild);

Modified: trunk/Source/WebCore/dom/ElementRareData.cpp (285477 => 285478)


--- trunk/Source/WebCore/dom/ElementRareData.cpp	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/dom/ElementRareData.cpp	2021-11-09 02:26:15 UTC (rev 285478)
@@ -37,7 +37,7 @@
     LayoutSize sizeForResizing;
     IntPoint savedLayerScrollPosition;
     Vector<std::unique_ptr<ElementAnimationRareData>> animationRareData;
-    void* pointers[10];
+    void* pointers[11];
     void* intersectionObserverData;
 #if ENABLE(CSS_TYPED_OM)
     void* typedOMData;

Modified: trunk/Source/WebCore/dom/ElementRareData.h (285477 => 285478)


--- trunk/Source/WebCore/dom/ElementRareData.h	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/dom/ElementRareData.h	2021-11-09 02:26:15 UTC (rev 285478)
@@ -103,6 +103,9 @@
     ResizeObserverData* resizeObserverData() { return m_resizeObserverData.get(); }
     void setResizeObserverData(std::unique_ptr<ResizeObserverData>&& data) { m_resizeObserverData = WTFMove(data); }
 
+    const AtomString& nonce() const { return m_nonce; }
+    void setNonce(const AtomString& value) { m_nonce = value; }
+
 #if ENABLE(CSS_TYPED_OM)
     StylePropertyMap* attributeStyleMap() { return m_attributeStyleMap.get(); }
     void setAttributeStyleMap(Ref<StylePropertyMap>&& map) { m_attributeStyleMap = WTFMove(map); }
@@ -146,6 +149,8 @@
             result.add(UseType::PartList);
         if (!m_partNames.isEmpty())
             result.add(UseType::PartNames);
+        if (m_nonce)
+            result.add(UseType::Nonce);
         return result;
     }
 #endif
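
Review bot: The new `if (m_nonce)` test in useTypes() should be checked against what setNonce() can store: Element::attributeChanged() passes emptyAtom() when the attribute is removed, and Element::setNonce() stores it whenever rare data already exists. If the truthiness test only distinguishes null from non-null, an element whose nonce was cleared still reports UseType::Nonce; `!m_nonce.isEmpty()` would state the intent directly.
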
@@ -177,6 +182,8 @@
     std::unique_ptr<DOMTokenList> m_partList;
     SpaceSplitString m_partNames;
 
+    AtomString m_nonce;
+
     void releasePseudoElement(PseudoElement*);
 };
 

Modified: trunk/Source/WebCore/dom/InlineClassicScript.cpp (285477 => 285478)


--- trunk/Source/WebCore/dom/InlineClassicScript.cpp	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/dom/InlineClassicScript.cpp	2021-11-09 02:26:15 UTC (rev 285478)
@@ -36,7 +36,7 @@
 {
     auto& element = scriptElement.element();
     return adoptRef(*new InlineClassicScript(
-        element.attributeWithoutSynchronization(HTMLNames::nonceAttr),
+        element.nonce(),
         element.attributeWithoutSynchronization(HTMLNames::crossoriginAttr),
         scriptElement.scriptCharset(),
         element.localName(),

Modified: trunk/Source/WebCore/dom/InlineStyleSheetOwner.cpp (285477 => 285478)


--- trunk/Source/WebCore/dom/InlineStyleSheetOwner.cpp	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/dom/InlineStyleSheetOwner.cpp	2021-11-09 02:26:15 UTC (rev 285478)
@@ -168,7 +168,7 @@
 
     ASSERT(document.contentSecurityPolicy());
     const ContentSecurityPolicy& contentSecurityPolicy = *document.contentSecurityPolicy();
-    bool hasKnownNonce = contentSecurityPolicy.allowStyleWithNonce(element.attributeWithoutSynchronization(HTMLNames::nonceAttr), element.isInUserAgentShadowTree());
+    bool hasKnownNonce = contentSecurityPolicy.allowStyleWithNonce(element.nonce(), element.isInUserAgentShadowTree());
     if (!contentSecurityPolicy.allowInlineStyle(document.url().string(), m_startTextPosition.m_line, text, CheckUnsafeHashes::No, hasKnownNonce))
         return;
 

Modified: trunk/Source/WebCore/dom/NodeRareData.h (285477 => 285478)


--- trunk/Source/WebCore/dom/NodeRareData.h	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/dom/NodeRareData.h	2021-11-09 02:26:15 UTC (rev 285478)
@@ -263,6 +263,7 @@
         StyleMap = 1 << 15,
         PartList = 1 << 16,
         PartNames = 1 << 17,
+        Nonce = 1 << 18,
     };
 #endif
 

Modified: trunk/Source/WebCore/dom/ScriptElement.cpp (285477 => 285478)


--- trunk/Source/WebCore/dom/ScriptElement.cpp	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/dom/ScriptElement.cpp	2021-11-09 02:26:15 UTC (rev 285478)
@@ -291,7 +291,7 @@
     ASSERT(!m_loadableScript);
     if (!stripLeadingAndTrailingHTMLSpaces(sourceURL).isEmpty()) {
         auto script = LoadableClassicScript::create(
-            m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr),
+            m_element.nonce(),
             m_element.document().settings().subresourceIntegrityEnabled() ? m_element.attributeWithoutSynchronization(HTMLNames::integrityAttr).string() : emptyString(),
             referrerPolicy(),
             m_element.attributeWithoutSynchronization(HTMLNames::crossoriginAttr),
@@ -304,7 +304,7 @@
         m_element.document().willLoadScriptElement(scriptURL);
 
         const auto& contentSecurityPolicy = *m_element.document().contentSecurityPolicy();
-        if (!contentSecurityPolicy.allowNonParserInsertedScripts(scriptURL, m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr), String(), m_parserInserted))
+        if (!contentSecurityPolicy.allowNonParserInsertedScripts(scriptURL, m_element.nonce(), String(), m_parserInserted))
             return false;
 
         if (script->load(m_element.document(), scriptURL)) {
@@ -326,7 +326,7 @@
 {
     // https://html.spec.whatwg.org/multipage/urls-and-fetching.html#cors-settings-attributes
     // Module is always CORS request. If attribute is not given, it should be same-origin credential.
-    String nonce = m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr);
+    String nonce = m_element.nonce();
     String crossOriginMode = m_element.attributeWithoutSynchronization(HTMLNames::crossoriginAttr);
     if (crossOriginMode.isNull())
         crossOriginMode = ScriptElementCachedScriptFetcher::defaultCrossOriginModeForModule;
@@ -397,10 +397,10 @@
     if (!m_isExternalScript) {
         ASSERT(m_element.document().contentSecurityPolicy());
         const ContentSecurityPolicy& contentSecurityPolicy = *m_element.document().contentSecurityPolicy();
-        if (!contentSecurityPolicy.allowNonParserInsertedScripts(m_element.document().url(), m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr), sourceCode.source(), m_parserInserted))
+        if (!contentSecurityPolicy.allowNonParserInsertedScripts(m_element.document().url(), m_element.nonce(), sourceCode.source(), m_parserInserted))
             return;
 
-        bool hasKnownNonce = contentSecurityPolicy.allowScriptWithNonce(m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr), m_element.isInUserAgentShadowTree());
+        bool hasKnownNonce = contentSecurityPolicy.allowScriptWithNonce(m_element.nonce(), m_element.isInUserAgentShadowTree());
         if (!contentSecurityPolicy.allowInlineScript(m_element.document().url().string(), m_startLineNumber, sourceCode.source(), hasKnownNonce))
             return;
     }

Modified: trunk/Source/WebCore/html/HTMLElement.cpp (285477 => 285478)


--- trunk/Source/WebCore/html/HTMLElement.cpp	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/html/HTMLElement.cpp	2021-11-09 02:26:15 UTC (rev 285478)
@@ -499,6 +499,13 @@
         setAttributeEventListener(eventName, name, value);
 }
 
+Node::InsertedIntoAncestorResult HTMLElement::insertedIntoAncestor(InsertionType insertionType, ContainerNode& containerNode)
+{
+    auto result = Element::insertedIntoAncestor(insertionType, containerNode);
+    hideNonce();
+    return result;
+}
+
 static Ref<DocumentFragment> textToFragment(Document& document, const String& text)
 {
     auto fragment = DocumentFragment::create(document);
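
Review bot: hideNonce() is called unconditionally at the end of HTMLElement::insertedIntoAncestor, so every HTML element insertion now runs the isConnected(), CSP and getAttribute(nonceAttr) checks even though very few elements carry a nonce. Consider gating the call on the insertion actually connecting the element and on the element having a nonce attribute, or reorder hideNonce() so the cheapest per-element test comes first.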

Modified: trunk/Source/WebCore/html/HTMLElement.h (285477 => 285478)


--- trunk/Source/WebCore/html/HTMLElement.h	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/html/HTMLElement.h	2021-11-09 02:26:15 UTC (rev 285478)
@@ -166,6 +166,7 @@
 
     bool matchesReadWritePseudoClass() const override;
     void parseAttribute(const QualifiedName&, const AtomString&) override;
+    Node::InsertedIntoAncestorResult insertedIntoAncestor(InsertionType , ContainerNode& parentOfInsertedTree) override;
     bool hasPresentationalHintsForAttribute(const QualifiedName&) const override;
     void collectPresentationalHintsForAttribute(const QualifiedName&, const AtomString&, MutableStyleProperties&) override;
     unsigned parseBorderWidthAttribute(const AtomString&) const;
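
Review bot: Style nit on the new insertedIntoAncestor declaration: there is a stray space before the comma in `InsertionType , ContainerNode&`, and the second parameter is named parentOfInsertedTree here but containerNode in the HTMLElement.cpp definition. Drop the space and use one name in both places, or omit the name in the header as the neighbouring declarations do.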

Modified: trunk/Source/WebCore/html/HTMLOrForeignElement.idl (285477 => 285478)


--- trunk/Source/WebCore/html/HTMLOrForeignElement.idl	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/html/HTMLOrForeignElement.idl	2021-11-09 02:26:15 UTC (rev 285478)
@@ -28,8 +28,7 @@
 // https://github.com/whatwg/html/issues/4702
 interface mixin HTMLOrForeignElement {
     [SameObject] readonly attribute DOMStringMap dataset;
-    // FIXME: Implement 'nonce'.
-    // attribute DOMString nonce; // intentionally no [CEReactions]
+    attribute DOMString nonce; // intentionally no [CEReactions]
 
     [CEReactions=NotNeeded, Reflect] attribute boolean autofocus;
     [CEReactions, ImplementedAs=tabIndexForBindings] attribute long tabIndex;

Modified: trunk/Source/WebCore/html/HTMLScriptElement.idl (285477 => 285478)


--- trunk/Source/WebCore/html/HTMLScriptElement.idl	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/html/HTMLScriptElement.idl	2021-11-09 02:26:15 UTC (rev 285478)
@@ -30,7 +30,6 @@
     [CEReactions=NotNeeded, Reflect, URL] attribute USVString src;
     [CEReactions=NotNeeded, Reflect] attribute DOMString type;
     [CEReactions=NotNeeded] attribute DOMString? crossOrigin;
-    [Reflect] attribute DOMString nonce;
     [CEReactions=NotNeeded, Reflect] attribute boolean noModule;
     [CEReactions=NotNeeded, Reflect, EnabledBySetting=SubresourceIntegrityEnabled] attribute DOMString integrity;
     [EnabledBySetting=ReferrerPolicyAttributeEnabled, ImplementedAs=referrerPolicyForBindings, CEReactions=NotNeeded] attribute DOMString referrerPolicy;

Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp (285477 => 285478)


--- trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp	2021-11-09 02:26:15 UTC (rev 285478)
@@ -195,7 +195,8 @@
     if (policyFrom == PolicyFrom::API) {
         ASSERT(m_policies.isEmpty());
         m_hasAPIPolicy = true;
-    }
+    } else if (policyFrom == PolicyFrom::HTTPHeader)
+        m_isHeaderDelivered = true;
 
     m_cachedResponseHeaders = std::nullopt;
 
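Review bot: m_isHeaderDelivered is set to true in the new `else if (policyFrom == PolicyFrom::HTTPHeader)` branch and nothing visible ever clears it, so it acts as a sticky "at least one policy arrived by HTTP header" bit. Please document that at the member or at isHeaderDelivered(), since Element::hideNonce() uses it as the only policy condition for blanking the nonce attribute, and state whether policies received by other PolicyFrom values are deliberately excluded.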

Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h (285477 => 285478)


--- trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h	2021-11-09 02:26:15 UTC (rev 285478)
@@ -185,6 +185,8 @@
 
     SandboxFlags sandboxFlags() const { return m_sandboxFlags; }
 
+    bool isHeaderDelivered() const { return m_isHeaderDelivered; }
+
 private:
     void logToConsole(const String& message, const String& contextURL = String(), const OrdinalNumber& contextLine = OrdinalNumber::beforeFirst(), const OrdinalNumber& contextColumn = OrdinalNumber::beforeFirst(), JSC::JSGlobalObject* = nullptr) const;
     void applyPolicyToScriptExecutionContext();
@@ -247,6 +249,7 @@
     OptionSet<ContentSecurityPolicyHashAlgorithm> m_hashAlgorithmsForInlineStylesheets;
     HashSet<SecurityOriginData> m_insecureNavigationRequestsToUpgrade;
     mutable std::optional<ContentSecurityPolicyResponseHeaders> m_cachedResponseHeaders;
+    bool m_isHeaderDelivered { false };
 };
 
 }

Modified: trunk/Source/WebCore/svg/SVGElement.cpp (285477 => 285478)


--- trunk/Source/WebCore/svg/SVGElement.cpp	2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/svg/SVGElement.cpp	2021-11-09 02:26:15 UTC (rev 285478)
@@ -894,6 +894,8 @@
             return InsertedIntoAncestorResult::NeedsPostInsertionCallback;
     }
 
+    hideNonce();
+
     return InsertedIntoAncestorResult::Done;
 }
 
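Review bot: hideNonce() is placed after the early `return InsertedIntoAncestorResult::NeedsPostInsertionCallback;` visible in the context above it, so an SVG element that takes that path is inserted without its nonce attribute being hidden. Move the call ahead of that branch (HTMLElement::insertedIntoAncestor calls it immediately after the base-class call), or confirm and comment that no nonce-bearing SVG element can reach the early return.
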