Bug 1389421 - Support nonce IDL property; r?smaug
We already support the actual functionality, but nobody added support
for the IDL property to the .webidl file.
Also added <style nonce> to the web-platform-tests reflection tests,
since nobody updated that to the current spec either.
This does not add support for .nonce to SVGScriptElement, because I
couldn't find any standard that specified it. I updated the wpt tests
to expect .nonce to work on HTMLScriptElement but not SVGScriptElement.
MozReview-Commit-ID: F1K7WMfMoDi
--- a/dom/html/HTMLLinkElement.h
+++ b/dom/html/HTMLLinkElement.h
@@ -102,16 +102,24 @@ public:
SetOrRemoveNullableStringAttr(nsGkAtoms::crossorigin, aCrossOrigin, aError);
}
// XPCOM GetRel is fine.
void SetRel(const nsAString& aRel, ErrorResult& aRv)
{
SetHTMLAttr(nsGkAtoms::rel, aRel, aRv);
}
nsDOMTokenList* RelList();
+ void GetNonce(nsAString& aNonce) const
+ {
+ GetHTMLAttr(nsGkAtoms::nonce, aNonce);
+ }
+ void SetNonce(const nsAString& aNonce, ErrorResult& aRv)
+ {
+ SetHTMLAttr(nsGkAtoms::nonce, aNonce, aRv);
+ }
// XPCOM GetMedia is fine.
void SetMedia(const nsAString& aMedia, ErrorResult& aRv)
{
SetHTMLAttr(nsGkAtoms::media, aMedia, aRv);
}
// XPCOM GetHreflang is fine.
void SetHreflang(const nsAString& aHreflang, ErrorResult& aRv)
{
--- a/dom/html/HTMLScriptElement.h
+++ b/dom/html/HTMLScriptElement.h
@@ -76,16 +76,24 @@ public:
// always parse to an enum value, so we don't need an invalid
// default, and we _want_ the missing default to be null.
GetEnumAttr(nsGkAtoms::crossorigin, nullptr, aResult);
}
void SetCrossOrigin(const nsAString& aCrossOrigin, ErrorResult& aError)
{
SetOrRemoveNullableStringAttr(nsGkAtoms::crossorigin, aCrossOrigin, aError);
}
+ void GetNonce(nsAString& aNonce) const
+ {
+ GetHTMLAttr(nsGkAtoms::nonce, aNonce);
+ }
+ void SetNonce(const nsAString& aNonce, ErrorResult& aRv)
+ {
+ SetHTMLAttr(nsGkAtoms::nonce, aNonce, aRv);
+ }
void GetIntegrity(nsAString& aIntegrity)
{
GetHTMLAttr(nsGkAtoms::integrity, aIntegrity);
}
void SetIntegrity(const nsAString& aIntegrity, ErrorResult& rv)
{
SetHTMLAttr(nsGkAtoms::integrity, aIntegrity, rv);
}
--- a/dom/html/HTMLStyleElement.h
+++ b/dom/html/HTMLStyleElement.h
@@ -57,16 +57,24 @@ public:
// nsIMutationObserver
NS_DECL_NSIMUTATIONOBSERVER_CHARACTERDATACHANGED
NS_DECL_NSIMUTATIONOBSERVER_CONTENTAPPENDED
NS_DECL_NSIMUTATIONOBSERVER_CONTENTINSERTED
NS_DECL_NSIMUTATIONOBSERVER_CONTENTREMOVED
bool Disabled();
void SetDisabled(bool aDisabled);
+ void GetNonce(nsAString& aNonce) const
+ {
+ GetHTMLAttr(nsGkAtoms::nonce, aNonce);
+ }
+ void SetNonce(const nsAString& aNonce, ErrorResult& aRv)
+ {
+ SetHTMLAttr(nsGkAtoms::nonce, aNonce, aRv);
+ }
void SetMedia(const nsAString& aMedia, ErrorResult& aError)
{
SetHTMLAttr(nsGkAtoms::media, aMedia, aError);
}
void SetType(const nsAString& aType, ErrorResult& aError)
{
SetHTMLAttr(nsGkAtoms::type, aType, aError);
}
--- a/dom/webidl/HTMLLinkElement.webidl
+++ b/dom/webidl/HTMLLinkElement.webidl
@@ -22,16 +22,18 @@ interface HTMLLinkElement : HTMLElement
attribute DOMString? crossOrigin;
[CEReactions, SetterThrows, Pure]
attribute DOMString rel;
[PutForwards=value]
readonly attribute DOMTokenList relList;
[CEReactions, SetterThrows, Pure]
attribute DOMString media;
[CEReactions, SetterThrows, Pure]
+ attribute DOMString nonce;
+ [CEReactions, SetterThrows, Pure]
attribute DOMString hreflang;
[CEReactions, SetterThrows, Pure]
attribute DOMString type;
[CEReactions, SetterThrows, Pure]
attribute DOMString referrerPolicy;
[PutForwards=value] readonly attribute DOMTokenList sizes;
};
HTMLLinkElement implements LinkStyle;
--- a/dom/webidl/HTMLScriptElement.webidl
+++ b/dom/webidl/HTMLScriptElement.webidl
@@ -21,23 +21,21 @@ interface HTMLScriptElement : HTMLElemen
[CEReactions, SetterThrows]
attribute boolean async;
[CEReactions, SetterThrows]
attribute boolean defer;
[CEReactions, SetterThrows]
attribute DOMString? crossOrigin;
[CEReactions, SetterThrows]
attribute DOMString text;
+ [CEReactions, SetterThrows, Pure]
+ attribute DOMString nonce;
+ [CEReactions, SetterThrows, Pure]
+ attribute DOMString integrity;
};
// http://www.whatwg.org/specs/web-apps/current-work/#other-elements,-attributes-and-apis
partial interface HTMLScriptElement {
[CEReactions, SetterThrows]
attribute DOMString event;
[CEReactions, SetterThrows]
attribute DOMString htmlFor;
};
-
-// https://w3c.github.io/webappsec/specs/subresourceintegrity/#htmlscriptelement-1
-partial interface HTMLScriptElement {
- [CEReactions, SetterThrows]
- attribute DOMString integrity;
-};
--- a/dom/webidl/HTMLStyleElement.webidl
+++ b/dom/webidl/HTMLStyleElement.webidl
@@ -10,14 +10,16 @@
[HTMLConstructor]
interface HTMLStyleElement : HTMLElement {
[Pure]
attribute boolean disabled;
[CEReactions, SetterThrows, Pure]
attribute DOMString media;
[CEReactions, SetterThrows, Pure]
+ attribute DOMString nonce;
+ [CEReactions, SetterThrows, Pure]
attribute DOMString type;
[SetterThrows, Pure, Pref="layout.css.scoped-style.enabled"]
attribute boolean scoped;
};
HTMLStyleElement implements LinkStyle;
--- a/testing/web-platform/meta/content-security-policy/nonce-hiding/script-nonces-hidden-meta.tentative.html.ini
+++ b/testing/web-platform/meta/content-security-policy/nonce-hiding/script-nonces-hidden-meta.tentative.html.ini
@@ -1,29 +1,8 @@
[script-nonces-hidden-meta.tentative.html]
type: testharness
- [Reading 'nonce' content attribute and IDL attribute.]
- expected: FAIL
-
- [Cloned node retains nonce.]
- expected: FAIL
-
- [Cloned node retains nonce when inserted.]
- expected: FAIL
-
- [Writing 'nonce' content attribute.]
- expected: FAIL
-
- [Document-written script's nonce value.]
- expected: FAIL
-
[createElement.nonce.]
expected: FAIL
- [setAttribute('nonce') overwrites '.nonce' upon insertion.]
- expected: FAIL
-
- [createElement.setAttribute.]
- expected: FAIL
-
[Nonces leak via CSS side-channels.]
expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/nonce-hiding/script-nonces-hidden.tentative.html.ini
+++ b/testing/web-platform/meta/content-security-policy/nonce-hiding/script-nonces-hidden.tentative.html.ini
@@ -4,19 +4,16 @@
expected: FAIL
[Cloned node retains nonce.]
expected: FAIL
[Cloned node retains nonce when inserted.]
expected: FAIL
- [Writing 'nonce' content attribute.]
- expected: FAIL
-
[Document-written script's nonce value.]
expected: FAIL
[createElement.nonce.]
expected: FAIL
[setAttribute('nonce') overwrites '.nonce' upon insertion.]
expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.tentative.html.ini
+++ b/testing/web-platform/meta/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.tentative.html.ini
@@ -10,14 +10,11 @@
expected: FAIL
[Writing 'nonce' content attribute.]
expected: FAIL
[Document-written script's nonce value.]
expected: FAIL
- [createElement.setAttribute.]
- expected: FAIL
-
[Nonces don't leak via CSS side-channels.]
expected: FAIL
--- a/testing/web-platform/meta/html/dom/interfaces.html.ini
+++ b/testing/web-platform/meta/html/dom/interfaces.html.ini
@@ -2672,22 +2672,16 @@
expected: FAIL
[HTMLElement interface: document.createElement("noscript") must inherit property "oncuechange" with the proper type (27)]
expected: FAIL
[HTMLElement interface: document.createElement("noscript") must inherit property "onmousewheel" with the proper type (58)]
expected: FAIL
- [HTMLStyleElement interface: attribute nonce]
- expected: FAIL
-
- [HTMLStyleElement interface: document.createElement("style") must inherit property "nonce" with the proper type (1)]
- expected: FAIL
-
[HTMLMediaElement interface: document.createElement("video") must inherit property "audioTracks" with the proper type (38)]
expected: FAIL
[HTMLMediaElement interface: document.createElement("video") must inherit property "videoTracks" with the proper type (39)]
expected: FAIL
[HTMLMediaElement interface: document.createElement("audio") must inherit property "audioTracks" with the proper type (38)]
expected: FAIL
@@ -2996,22 +2990,16 @@
expected: FAIL
[HTMLElement interface: document.createElement("noscript") must inherit property "oncuechange" with the proper type (28)]
expected: FAIL
[HTMLElement interface: document.createElement("noscript") must inherit property "onmousewheel" with the proper type (59)]
expected: FAIL
- [HTMLLinkElement interface: attribute nonce]
- expected: FAIL
-
- [HTMLLinkElement interface: document.createElement("link") must inherit property "nonce" with the proper type (5)]
- expected: FAIL
-
[HTMLIFrameElement interface: attribute allowUserMedia]
expected: FAIL
[Window interface: window must inherit property "oncancel" with the proper type (41)]
expected: FAIL
[Window interface: window must inherit property "oncuechange" with the proper type (48)]
expected: FAIL
@@ -3251,25 +3239,19 @@
expected: FAIL
[Document interface: document.implementation.createDocument(null, "", null) must inherit property "onmousewheel" with the proper type (126)]
expected: FAIL
[HTMLScriptElement interface: attribute noModule]
expected: FAIL
- [HTMLScriptElement interface: attribute nonce]
- expected: FAIL
-
[HTMLScriptElement interface: document.createElement("script") must inherit property "noModule" with the proper type (2)]
expected: FAIL
- [HTMLScriptElement interface: document.createElement("script") must inherit property "nonce" with the proper type (8)]
- expected: FAIL
-
[HTMLElement interface: document.createElement("noscript") must inherit property "forceSpellCheck" with the proper type (15)]
expected: FAIL
[Element interface: document.createElement("noscript") must inherit property "slot" with the proper type (7)]
expected: FAIL
[Element interface: document.createElement("noscript") must inherit property "attachShadow" with the proper type (24)]
expected: FAIL
@@ -3284,19 +3266,16 @@
expected: FAIL
[Document interface: new Document() must inherit property "styleSheets" with the proper type (29)]
expected: FAIL
[Document interface: document.implementation.createDocument(null, "", null) must inherit property "styleSheets" with the proper type (29)]
expected: FAIL
- [HTMLLinkElement interface: document.createElement("link") must inherit property "nonce" with the proper type (6)]
- expected: FAIL
-
[HTMLBodyElement interface: attribute onmessageerror]
expected: FAIL
[HTMLBodyElement interface: attribute onrejectionhandled]
expected: FAIL
[HTMLBodyElement interface: attribute onunhandledrejection]
expected: FAIL
--- a/testing/web-platform/meta/html/dom/reflection-metadata.html.ini
+++ b/testing/web-platform/meta/html/dom/reflection-metadata.html.ini
@@ -31,112 +31,16 @@
expected: FAIL
[style.tabIndex: setAttribute() to object "3" followed by getAttribute()]
expected: FAIL
[style.tabIndex: setAttribute() to object "3" followed by IDL get]
expected: FAIL
- [link.nonce: typeof IDL attribute]
- expected: FAIL
-
- [link.nonce: IDL get with DOM attribute unset]
- expected: FAIL
-
- [link.nonce: setAttribute() to ""]
- expected: FAIL
-
- [link.nonce: setAttribute() to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
- expected: FAIL
-
- [link.nonce: setAttribute() to undefined]
- expected: FAIL
-
- [link.nonce: setAttribute() to 7]
- expected: FAIL
-
- [link.nonce: setAttribute() to 1.5]
- expected: FAIL
-
- [link.nonce: setAttribute() to true]
- expected: FAIL
-
- [link.nonce: setAttribute() to false]
- expected: FAIL
-
- [link.nonce: setAttribute() to object "[object Object\]"]
- expected: FAIL
-
- [link.nonce: setAttribute() to NaN]
- expected: FAIL
-
- [link.nonce: setAttribute() to Infinity]
- expected: FAIL
-
- [link.nonce: setAttribute() to -Infinity]
- expected: FAIL
-
- [link.nonce: setAttribute() to "\\0"]
- expected: FAIL
-
- [link.nonce: setAttribute() to null]
- expected: FAIL
-
- [link.nonce: setAttribute() to object "test-toString"]
- expected: FAIL
-
- [link.nonce: setAttribute() to object "test-valueOf"]
- expected: FAIL
-
- [link.nonce: IDL set to ""]
- expected: FAIL
-
- [link.nonce: IDL set to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
- expected: FAIL
-
- [link.nonce: IDL set to undefined]
- expected: FAIL
-
- [link.nonce: IDL set to 7]
- expected: FAIL
-
- [link.nonce: IDL set to 1.5]
- expected: FAIL
-
- [link.nonce: IDL set to true]
- expected: FAIL
-
- [link.nonce: IDL set to false]
- expected: FAIL
-
- [link.nonce: IDL set to object "[object Object\]"]
- expected: FAIL
-
- [link.nonce: IDL set to NaN]
- expected: FAIL
-
- [link.nonce: IDL set to Infinity]
- expected: FAIL
-
- [link.nonce: IDL set to -Infinity]
- expected: FAIL
-
- [link.nonce: IDL set to "\\0"]
- expected: FAIL
-
- [link.nonce: IDL set to null]
- expected: FAIL
-
- [link.nonce: IDL set to object "test-toString"]
- expected: FAIL
-
- [link.nonce: IDL set to object "test-valueOf"]
- expected: FAIL
-
[link.as: setAttribute() to "document"]
expected: FAIL
[link.as: setAttribute() to "DOCUMENT"]
expected: FAIL
[link.as: setAttribute() to "embed"]
expected: FAIL
--- a/testing/web-platform/meta/html/dom/reflection-misc.html.ini
+++ b/testing/web-platform/meta/html/dom/reflection-misc.html.ini
@@ -599,112 +599,16 @@
expected: FAIL
[menuitem.default: IDL set to object "test-toString"]
expected: FAIL
[menuitem.default: IDL set to object "test-valueOf"]
expected: FAIL
- [script.nonce: typeof IDL attribute]
- expected: FAIL
-
- [script.nonce: IDL get with DOM attribute unset]
- expected: FAIL
-
- [script.nonce: setAttribute() to ""]
- expected: FAIL
-
- [script.nonce: setAttribute() to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
- expected: FAIL
-
- [script.nonce: setAttribute() to undefined]
- expected: FAIL
-
- [script.nonce: setAttribute() to 7]
- expected: FAIL
-
- [script.nonce: setAttribute() to 1.5]
- expected: FAIL
-
- [script.nonce: setAttribute() to true]
- expected: FAIL
-
- [script.nonce: setAttribute() to false]
- expected: FAIL
-
- [script.nonce: setAttribute() to object "[object Object\]"]
- expected: FAIL
-
- [script.nonce: setAttribute() to NaN]
- expected: FAIL
-
- [script.nonce: setAttribute() to Infinity]
- expected: FAIL
-
- [script.nonce: setAttribute() to -Infinity]
- expected: FAIL
-
- [script.nonce: setAttribute() to "\\0"]
- expected: FAIL
-
- [script.nonce: setAttribute() to null]
- expected: FAIL
-
- [script.nonce: setAttribute() to object "test-toString"]
- expected: FAIL
-
- [script.nonce: setAttribute() to object "test-valueOf"]
- expected: FAIL
-
- [script.nonce: IDL set to ""]
- expected: FAIL
-
- [script.nonce: IDL set to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
- expected: FAIL
-
- [script.nonce: IDL set to undefined]
- expected: FAIL
-
- [script.nonce: IDL set to 7]
- expected: FAIL
-
- [script.nonce: IDL set to 1.5]
- expected: FAIL
-
- [script.nonce: IDL set to true]
- expected: FAIL
-
- [script.nonce: IDL set to false]
- expected: FAIL
-
- [script.nonce: IDL set to object "[object Object\]"]
- expected: FAIL
-
- [script.nonce: IDL set to NaN]
- expected: FAIL
-
- [script.nonce: IDL set to Infinity]
- expected: FAIL
-
- [script.nonce: IDL set to -Infinity]
- expected: FAIL
-
- [script.nonce: IDL set to "\\0"]
- expected: FAIL
-
- [script.nonce: IDL set to null]
- expected: FAIL
-
- [script.nonce: IDL set to object "test-toString"]
- expected: FAIL
-
- [script.nonce: IDL set to object "test-valueOf"]
- expected: FAIL
-
[script.noModule: typeof IDL attribute]
expected: FAIL
[script.noModule: IDL get with DOM attribute unset]
expected: FAIL
[script.noModule: setAttribute() to ""]
expected: FAIL
--- a/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.tentative.html
+++ b/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.tentative.html
@@ -48,17 +48,17 @@
assert_equals(script.getAttribute('nonce'), 'foo');
assert_equals(script.nonce, 'foo');
}, "Writing 'nonce' content attribute.");
// Set the IDL attribute to 'bar'
test(t => {
script.nonce = 'bar';
assert_equals(script.nonce, 'bar');
- assert_equals(script.getAttribute('nonce'), 'foo');
+ assert_equals(script.getAttribute('nonce'), 'bar');
}, "Writing 'nonce' IDL attribute.");
// Fragment parser.
var documentWriteTest = async_test("Document-written script executes.");
document.write(`<script nonce='abc'>
documentWriteTest.done();
test(t => {
var script = document.currentScript;
--- a/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden.tentative.html
+++ b/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden.tentative.html
@@ -49,17 +49,17 @@
assert_equals(script.getAttribute('nonce'), 'foo');
assert_equals(script.nonce, 'foo');
}, "Writing 'nonce' content attribute.");
// Set the IDL attribute to 'bar'
test(t => {
script.nonce = 'bar';
assert_equals(script.nonce, 'bar');
- assert_equals(script.getAttribute('nonce'), 'foo');
+ assert_equals(script.getAttribute('nonce'), 'bar');
}, "Writing 'nonce' IDL attribute.");
// Fragment parser.
var documentWriteTest = async_test("Document-written script executes.");
document.write(`<script nonce='abc'>
documentWriteTest.done();
test(t => {
var script = document.currentScript;
--- a/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.tentative.html
+++ b/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.tentative.html
@@ -47,17 +47,17 @@
// Set the content attribute to 'foo'
test(t => {
script.setAttribute('nonce', 'foo');
assert_equals(script.getAttribute('nonce'), 'foo');
assert_equals(script.nonce, 'abc');
}, "Writing 'nonce' content attribute.");
- // Set the IDL attribute to 'bar'
+ // Set the IDL attribute to 'bar' (doesn't work on SVGScriptElement)
test(t => {
script.nonce = 'bar';
assert_equals(script.nonce, 'bar');
assert_equals(script.getAttribute('nonce'), 'foo');
}, "Writing 'nonce' IDL attribute.");
// Fragment parser.
var documentWriteTest = async_test("Document-written script executes.");
--- a/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden.tentative.html
+++ b/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden.tentative.html
@@ -68,17 +68,18 @@
assert_equals(script.getAttribute('nonce'), '');
assert_equals(script.nonce, 'abc');
}, "Document-written script's nonce value.");
</scr` + `ipt></svg>`);
// Create node.
test(t => {
var s = document.createElement('svg');
- var innerScript = document.createElement('script');
+ var innerScript = document.createElementNS('http://www.w3.org/2000/svg',
+ 'script');
innerScript.innerText = script.innerText;
innerScript.nonce = 'abc';
s.appendChild(innerScript);
document.body.appendChild(s);
assert_equals(innerScript.nonce, 'abc');
assert_equals(innerScript.getAttribute('nonce'), null);
}, "createElement.nonce.");
--- a/testing/web-platform/tests/html/dom/elements-metadata.js
+++ b/testing/web-platform/tests/html/dom/elements-metadata.js
@@ -50,13 +50,14 @@ var metadataElements = {
httpEquiv: {type: "string", domAttrName: "http-equiv"},
content: "string",
// Obsolete
scheme: "string",
},
style: {
media: "string",
+ nonce: "string",
type: "string",
},
};
mergeElements(metadataElements);