diff options
| author | Simon Wülker <simon.wuelker@arcor.de> | 2025-03-10 10:25:34 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-03-10 09:25:34 +0000 |
| commit | 1b6b21cb8579622955e2a25c59ebb2bb0875b169 (patch) | |
| tree | 922bc204a8fbb0958493e594d33b2d2e103f295f | |
| parent | ce4ba309924ffa35e0dd4309527586b8f0c22b75 (diff) | |
| download | servo-1b6b21cb8579622955e2a25c59ebb2bb0875b169.tar.gz servo-1b6b21cb8579622955e2a25c59ebb2bb0875b169.zip | |
Implement `nonce` attribute to pass more CSP checks (#35876)
* Add doc comments to RequestBuilder fields/methods
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement Request::cryptographic_nonce_metadata
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement HTMLOrSVGElement::nonce
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Set request cryptographic nonce metadata for link elements
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Set request's cryptographic nonce when fetching scripts
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Forward request nonce to rust-content-security-policy
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
18 files changed, 111 insertions, 289 deletions
diff --git a/components/net/fetch/methods.rs b/components/net/fetch/methods.rs index a2c690fb53d..ca43bb5c917 100644 --- a/components/net/fetch/methods.rs +++ b/components/net/fetch/methods.rs @@ -183,7 +183,7 @@ pub fn should_request_be_blocked_by_csp( redirect_count: request.redirect_count, destination: request.destination, initiator: csp::Initiator::None, - nonce: String::new(), + nonce: request.cryptographic_nonce_metadata.clone(), integrity_metadata: request.integrity_metadata.clone(), parser_metadata: csp::ParserMetadata::None, }; diff --git a/components/script/dom/htmlelement.rs b/components/script/dom/htmlelement.rs index 6bf01535a10..1f0d1f223fb 100644 --- a/components/script/dom/htmlelement.rs +++ b/components/script/dom/htmlelement.rs @@ -641,6 +641,14 @@ impl HTMLElementMethods<crate::DomTypeHolder> for HTMLElement { Ok(internals) } + // FIXME: The nonce should be stored in an internal slot instead of an + // attribute (https://html.spec.whatwg.org/multipage/#cryptographicnonce) + // https://html.spec.whatwg.org/multipage/#dom-noncedelement-nonce + make_getter!(Nonce, "nonce"); + + // https://html.spec.whatwg.org/multipage/#dom-noncedelement-nonce + make_setter!(SetNonce, "nonce"); + // https://html.spec.whatwg.org/multipage/#dom-fe-autofocus fn Autofocus(&self) -> bool { self.element.has_attribute(&local_name!("autofocus")) diff --git a/components/script/dom/htmllinkelement.rs b/components/script/dom/htmllinkelement.rs index a321cd25fc9..bf5939138f5 100644 --- a/components/script/dom/htmllinkelement.rs +++ b/components/script/dom/htmllinkelement.rs @@ -30,11 +30,11 @@ use style::parser::ParserContext as CssParserContext; use style::stylesheets::{CssRuleType, Origin, Stylesheet, UrlExtraData}; use style_traits::ParsingMode; -use super::types::{EventTarget, GlobalScope}; use crate::dom::attr::Attr; use crate::dom::bindings::cell::DomRefCell; use crate::dom::bindings::codegen::Bindings::DOMTokenListBinding::DOMTokenList_Binding::DOMTokenListMethods; use crate::dom::bindings::codegen::Bindings::HTMLLinkElementBinding::HTMLLinkElementMethods; +use crate::dom::bindings::codegen::GenericBindings::HTMLElementBinding::HTMLElement_Binding::HTMLElementMethods; use crate::dom::bindings::inheritance::Castable; use crate::dom::bindings::refcounted::Trusted; use crate::dom::bindings::reflector::DomGlobal; @@ -52,6 +52,7 @@ use crate::dom::htmlelement::HTMLElement; use crate::dom::node::{BindContext, Node, NodeTraits, UnbindContext}; use crate::dom::performanceresourcetiming::InitiatorType; use crate::dom::stylesheet::StyleSheet as DOMStyleSheet; +use crate::dom::types::{EventTarget, GlobalScope}; use crate::dom::virtualmethods::VirtualMethods; use crate::fetch::create_a_potential_cors_request; use crate::links::LinkRelations; @@ -74,6 +75,7 @@ struct LinkProcessingOptions { destination: Option<Destination>, integrity: String, link_type: String, + cryptographic_nonce_metadata: String, cross_origin: Option<CorsSettings>, referrer_policy: ReferrerPolicy, policy_container: PolicyContainer, @@ -324,6 +326,7 @@ impl HTMLLinkElement { destination: Some(destination), integrity: String::new(), link_type: String::new(), + cryptographic_nonce_metadata: self.upcast::<HTMLElement>().Nonce().into(), cross_origin: cors_setting_for_element(element), referrer_policy: referrer_policy_for_element(element), policy_container: document.policy_container().to_owned(), @@ -651,7 +654,7 @@ impl LinkProcessingOptions { // url, options's destination, and options's crossorigin. // Step 6. Set request's policy container to options's policy container. // Step 7. Set request's integrity metadata to options's integrity. - // FIXME: Step 8. Set request's cryptographic nonce metadata to options's cryptographic nonce metadata. + // Step 8. Set request's cryptographic nonce metadata to options's cryptographic nonce metadata. // Step 9. Set request's referrer policy to options's referrer policy. // FIXME: Step 10. Set request's client to options's environment. // FIXME: Step 11. Set request's priority to options's fetch priority. @@ -667,6 +670,7 @@ impl LinkProcessingOptions { ) .integrity_metadata(self.integrity) .policy_container(self.policy_container) + .cryptographic_nonce_metadata(self.cryptographic_nonce_metadata) .referrer_policy(self.referrer_policy); // Step 12. Return request. diff --git a/components/script/dom/htmlscriptelement.rs b/components/script/dom/htmlscriptelement.rs index 66bcf2d91e0..617968b78f6 100644 --- a/components/script/dom/htmlscriptelement.rs +++ b/components/script/dom/htmlscriptelement.rs @@ -41,6 +41,7 @@ use crate::dom::attr::Attr; use crate::dom::bindings::codegen::Bindings::DocumentBinding::DocumentMethods; use crate::dom::bindings::codegen::Bindings::HTMLScriptElementBinding::HTMLScriptElementMethods; use crate::dom::bindings::codegen::Bindings::NodeBinding::NodeMethods; +use crate::dom::bindings::codegen::GenericBindings::HTMLElementBinding::HTMLElement_Binding::HTMLElementMethods; use crate::dom::bindings::inheritance::Castable; use crate::dom::bindings::refcounted::Trusted; use crate::dom::bindings::reflector::DomGlobal; @@ -582,6 +583,7 @@ pub(crate) fn script_fetch_request( .parser_metadata(options.parser_metadata) .integrity_metadata(options.integrity_metadata.clone()) .referrer_policy(options.referrer_policy) + .cryptographic_nonce_metadata(options.cryptographic_nonce) } /// <https://html.spec.whatwg.org/multipage/#fetch-a-classic-script> @@ -776,7 +778,7 @@ impl HTMLScriptElement { // Step 29. Fetch options. let options = ScriptFetchOptions { - cryptographic_nonce: "".into(), + cryptographic_nonce: self.upcast::<HTMLElement>().Nonce().into(), integrity_metadata: integrity_metadata.to_owned(), parser_metadata, referrer: self.global().get_referrer(), diff --git a/components/script/dom/servoparser/prefetch.rs b/components/script/dom/servoparser/prefetch.rs index 2d3c1569375..81a6f6ce5b1 100644 --- a/components/script/dom/servoparser/prefetch.rs +++ b/components/script/dom/servoparser/prefetch.rs @@ -109,6 +109,10 @@ impl TokenSink for PrefetchSink { .get_attr(tag, local_name!("integrity")) .map(|attr| String::from(&attr.value)) .unwrap_or_default(); + let cryptographic_nonce = self + .get_attr(tag, local_name!("nonce")) + .map(|attr| String::from(&attr.value)) + .unwrap_or_default(); let request = script_fetch_request( self.webview_id, url, @@ -119,7 +123,7 @@ impl TokenSink for PrefetchSink { referrer: self.referrer.clone(), referrer_policy: self.referrer_policy, integrity_metadata, - cryptographic_nonce: String::new(), + cryptographic_nonce, credentials_mode: CredentialsMode::CredentialsSameOrigin, parser_metadata: ParserMetadata::ParserInserted, }, diff --git a/components/script/dom/svgelement.rs b/components/script/dom/svgelement.rs index 525c93c5741..6dd90a2efa8 100644 --- a/components/script/dom/svgelement.rs +++ b/components/script/dom/svgelement.rs @@ -5,6 +5,7 @@ use dom_struct::dom_struct; use html5ever::{LocalName, Prefix, local_name, namespace_url, ns}; use js::rust::HandleObject; +use script_bindings::str::DOMString; use style_dom::ElementState; use crate::dom::bindings::codegen::Bindings::SVGElementBinding::SVGElementMethods; @@ -81,6 +82,14 @@ impl SVGElementMethods<crate::DomTypeHolder> for SVGElement { }) } + // FIXME: The nonce should be stored in an internal slot instead of an + // attribute (https://html.spec.whatwg.org/multipage/#cryptographicnonce) + // https://html.spec.whatwg.org/multipage/#dom-noncedelement-nonce + make_getter!(Nonce, "nonce"); + + // https://html.spec.whatwg.org/multipage/#dom-noncedelement-nonce + make_setter!(SetNonce, "nonce"); + // https://html.spec.whatwg.org/multipage/#dom-fe-autofocus fn Autofocus(&self) -> bool { self.element.has_attribute(&local_name!("autofocus")) diff --git a/components/script/fetch.rs b/components/script/fetch.rs index 1480e389b65..ca46eb6ae60 100644 --- a/components/script/fetch.rs +++ b/components/script/fetch.rs @@ -117,6 +117,7 @@ fn request_init_from_request(request: NetTraitsRequest) -> RequestBuilder { target_webview_id: request.target_webview_id, redirect_mode: request.redirect_mode, integrity_metadata: request.integrity_metadata.clone(), + cryptographic_nonce_metadata: request.cryptographic_nonce_metadata.clone(), url_list: vec![], parser_metadata: request.parser_metadata, initiator: request.initiator, diff --git a/components/script_bindings/webidls/HTMLOrSVGElement.webidl b/components/script_bindings/webidls/HTMLOrSVGElement.webidl index 634dd3bc6bb..5dd46b2a4ec 100644 --- a/components/script_bindings/webidls/HTMLOrSVGElement.webidl +++ b/components/script_bindings/webidls/HTMLOrSVGElement.webidl @@ -11,7 +11,7 @@ interface mixin HTMLOrSVGElement { // [SameObject] readonly attribute DOMStringMap dataset; - // attribute DOMString nonce; // intentionally no [CEReactions] + attribute DOMString nonce; // intentionally no [CEReactions] [CEReactions] attribute boolean autofocus; // [CEReactions] attribute long tabIndex; diff --git a/components/shared/net/request.rs b/components/shared/net/request.rs index c7720af7517..58cba5cba5c 100644 --- a/components/shared/net/request.rs +++ b/components/shared/net/request.rs @@ -242,43 +242,81 @@ pub enum InsecureRequestsPolicy { #[derive(Clone, Debug, Deserialize, MallocSizeOf, Serialize)] pub struct RequestBuilder { pub id: RequestId, + + /// <https://fetch.spec.whatwg.org/#concept-request-method> #[serde( deserialize_with = "::hyper_serde::deserialize", serialize_with = "::hyper_serde::serialize" )] #[ignore_malloc_size_of = "Defined in hyper"] pub method: Method, + + /// <https://fetch.spec.whatwg.org/#concept-request-url> pub url: ServoUrl, + + /// <https://fetch.spec.whatwg.org/#concept-request-header-list> #[serde( deserialize_with = "::hyper_serde::deserialize", serialize_with = "::hyper_serde::serialize" )] #[ignore_malloc_size_of = "Defined in hyper"] pub headers: HeaderMap, + + /// <https://fetch.spec.whatwg.org/#unsafe-request-flag> pub unsafe_request: bool, + + /// <https://fetch.spec.whatwg.org/#concept-request-body> pub body: Option<RequestBody>, + + /// <https://fetch.spec.whatwg.org/#request-service-workers-mode> pub service_workers_mode: ServiceWorkersMode, // TODO: client object + /// <https://fetch.spec.whatwg.org/#concept-request-destination> pub destination: Destination, pub synchronous: bool, pub mode: RequestMode, + + /// <https://fetch.spec.whatwg.org/#concept-request-cache-mode> pub cache_mode: CacheMode, + + /// <https://fetch.spec.whatwg.org/#use-cors-preflight-flag> pub use_cors_preflight: bool, + + /// <https://fetch.spec.whatwg.org/#concept-request-credentials-mode> pub credentials_mode: CredentialsMode, pub use_url_credentials: bool, + + /// <https://fetch.spec.whatwg.org/#concept-request-origin> pub origin: ImmutableOrigin, + + /// <https://fetch.spec.whatwg.org/#concept-request-policy-container> pub policy_container: RequestPolicyContainer, pub insecure_requests_policy: InsecureRequestsPolicy, - // XXXManishearth these should be part of the client object + + /// <https://fetch.spec.whatwg.org/#concept-request-referrer> pub referrer: Referrer, + + /// <https://fetch.spec.whatwg.org/#concept-request-referrer-policy> pub referrer_policy: ReferrerPolicy, pub pipeline_id: Option<PipelineId>, pub target_webview_id: Option<WebViewId>, + + /// <https://fetch.spec.whatwg.org/#concept-request-redirect-mode> pub redirect_mode: RedirectMode, + + /// <https://fetch.spec.whatwg.org/#concept-request-integrity-metadata> pub integrity_metadata: String, + + /// <https://fetch.spec.whatwg.org/#concept-request-nonce-metadata> + pub cryptographic_nonce_metadata: String, + // to keep track of redirects pub url_list: Vec<ServoUrl>, + + /// <https://fetch.spec.whatwg.org/#concept-request-parser-metadata> pub parser_metadata: ParserMetadata, + + /// <https://fetch.spec.whatwg.org/#concept-request-initiator> pub initiator: Initiator, pub https_state: HttpsState, pub response_tainting: ResponseTainting, @@ -312,6 +350,7 @@ impl RequestBuilder { target_webview_id: webview_id, redirect_mode: RedirectMode::Follow, integrity_metadata: "".to_owned(), + cryptographic_nonce_metadata: "".to_owned(), url_list: vec![], parser_metadata: ParserMetadata::Default, initiator: Initiator::None, @@ -321,31 +360,37 @@ impl RequestBuilder { } } + /// <https://fetch.spec.whatwg.org/#concept-request-initiator> pub fn initiator(mut self, initiator: Initiator) -> RequestBuilder { self.initiator = initiator; self } + /// <https://fetch.spec.whatwg.org/#concept-request-method> pub fn method(mut self, method: Method) -> RequestBuilder { self.method = method; self } + /// <https://fetch.spec.whatwg.org/#concept-request-header-list> pub fn headers(mut self, headers: HeaderMap) -> RequestBuilder { self.headers = headers; self } + /// <https://fetch.spec.whatwg.org/#unsafe-request-flag> pub fn unsafe_request(mut self, unsafe_request: bool) -> RequestBuilder { self.unsafe_request = unsafe_request; self } + /// <https://fetch.spec.whatwg.org/#concept-request-body> pub fn body(mut self, body: Option<RequestBody>) -> RequestBuilder { self.body = body; self } + /// <https://fetch.spec.whatwg.org/#concept-request-destination> pub fn destination(mut self, destination: Destination) -> RequestBuilder { self.destination = destination; self @@ -361,11 +406,13 @@ impl RequestBuilder { self } + /// <https://fetch.spec.whatwg.org/#use-cors-preflight-flag> pub fn use_cors_preflight(mut self, use_cors_preflight: bool) -> RequestBuilder { self.use_cors_preflight = use_cors_preflight; self } + /// <https://fetch.spec.whatwg.org/#concept-request-credentials-mode> pub fn credentials_mode(mut self, credentials_mode: CredentialsMode) -> RequestBuilder { self.credentials_mode = credentials_mode; self @@ -376,11 +423,13 @@ impl RequestBuilder { self } + /// <https://fetch.spec.whatwg.org/#concept-request-origin> pub fn origin(mut self, origin: ImmutableOrigin) -> RequestBuilder { self.origin = origin; self } + /// <https://fetch.spec.whatwg.org/#concept-request-referrer-policy> pub fn referrer_policy(mut self, referrer_policy: ReferrerPolicy) -> RequestBuilder { self.referrer_policy = referrer_policy; self @@ -391,16 +440,25 @@ impl RequestBuilder { self } + /// <https://fetch.spec.whatwg.org/#concept-request-redirect-mode> pub fn redirect_mode(mut self, redirect_mode: RedirectMode) -> RequestBuilder { self.redirect_mode = redirect_mode; self } + /// <https://fetch.spec.whatwg.org/#concept-request-integrity-metadata> pub fn integrity_metadata(mut self, integrity_metadata: String) -> RequestBuilder { self.integrity_metadata = integrity_metadata; self } + /// <https://fetch.spec.whatwg.org/#concept-request-nonce-metadata> + pub fn cryptographic_nonce_metadata(mut self, nonce_metadata: String) -> RequestBuilder { + self.cryptographic_nonce_metadata = nonce_metadata; + self + } + + /// <https://fetch.spec.whatwg.org/#concept-request-parser-metadata> pub fn parser_metadata(mut self, parser_metadata: ParserMetadata) -> RequestBuilder { self.parser_metadata = parser_metadata; self @@ -421,6 +479,7 @@ impl RequestBuilder { self } + /// <https://fetch.spec.whatwg.org/#concept-request-policy-container> pub fn policy_container(mut self, policy_container: PolicyContainer) -> RequestBuilder { self.policy_container = RequestPolicyContainer::PolicyContainer(policy_container); self @@ -434,6 +493,7 @@ impl RequestBuilder { self } + /// <https://fetch.spec.whatwg.org/#request-service-workers-mode> pub fn service_workers_mode( mut self, service_workers_mode: ServiceWorkersMode, @@ -442,6 +502,7 @@ impl RequestBuilder { self } + /// <https://fetch.spec.whatwg.org/#concept-request-cache-mode> pub fn cache_mode(mut self, cache_mode: CacheMode) -> RequestBuilder { self.cache_mode = cache_mode; self @@ -479,6 +540,7 @@ impl RequestBuilder { request.redirect_count = url_list.len() as u32 - 1; request.url_list = url_list; request.integrity_metadata = self.integrity_metadata; + request.cryptographic_nonce_metadata = self.cryptographic_nonce_metadata; request.parser_metadata = self.parser_metadata; request.response_tainting = self.response_tainting; request.crash = self.crash; @@ -543,6 +605,8 @@ pub struct Request { pub redirect_mode: RedirectMode, /// <https://fetch.spec.whatwg.org/#concept-request-integrity-metadata> pub integrity_metadata: String, + /// <https://fetch.spec.whatwg.org/#concept-request-nonce-metadata> + pub cryptographic_nonce_metadata: String, // Use the last method on url_list to act as spec current url field, and // first method to act as spec url field /// <https://fetch.spec.whatwg.org/#concept-request-url-list> @@ -597,6 +661,7 @@ impl Request { cache_mode: CacheMode::Default, redirect_mode: RedirectMode::Follow, integrity_metadata: String::new(), + cryptographic_nonce_metadata: String::new(), url_list: vec![url], parser_metadata: ParserMetadata::Default, redirect_count: 0, diff --git a/tests/wpt/meta/html/dom/idlharness.https.html.ini b/tests/wpt/meta/html/dom/idlharness.https.html.ini index 6ef39b12b1b..4023da292a6 100644 --- a/tests/wpt/meta/html/dom/idlharness.https.html.ini +++ b/tests/wpt/meta/html/dom/idlharness.https.html.ini @@ -6121,9 +6121,6 @@ [HTMLElement interface: attribute inputMode] expected: FAIL - [HTMLElement interface: attribute nonce] - expected: FAIL - [HTMLElement interface: attribute tabIndex] expected: FAIL @@ -6208,9 +6205,6 @@ [HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type] expected: FAIL - [HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type] - expected: FAIL - [HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type] expected: FAIL diff --git a/tests/wpt/meta/html/dom/reflection-metadata.html.ini b/tests/wpt/meta/html/dom/reflection-metadata.html.ini index bb862772dd0..8e95b7fd3c1 100644 --- a/tests/wpt/meta/html/dom/reflection-metadata.html.ini +++ b/tests/wpt/meta/html/dom/reflection-metadata.html.ini @@ -1523,120 +1523,6 @@ [link.as: IDL set to "xſlt"] expected: FAIL - [link.nonce: typeof IDL attribute] - expected: FAIL - - [link.nonce: IDL get with DOM attribute unset] - expected: FAIL - - [link.nonce: setAttribute() to ""] - expected: FAIL - - [link.nonce: setAttribute() to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "] - expected: FAIL - - [link.nonce: setAttribute() to undefined] - expected: FAIL - - [link.nonce: setAttribute() to 7] - expected: FAIL - - [link.nonce: setAttribute() to 1.5] - expected: FAIL - - [link.nonce: setAttribute() to "5%"] - expected: FAIL - - [link.nonce: setAttribute() to "+100"] - expected: FAIL - - [link.nonce: setAttribute() to ".5"] - expected: FAIL - - [link.nonce: setAttribute() to true] - expected: FAIL - - [link.nonce: setAttribute() to false] - expected: FAIL - - [link.nonce: setAttribute() to object "[object Object\]"] - expected: FAIL - - [link.nonce: setAttribute() to NaN] - expected: FAIL - - [link.nonce: setAttribute() to Infinity] - expected: FAIL - - [link.nonce: setAttribute() to -Infinity] - expected: FAIL - - [link.nonce: setAttribute() to "\\0"] - expected: FAIL - - [link.nonce: setAttribute() to null] - expected: FAIL - - [link.nonce: setAttribute() to object "test-toString"] - expected: FAIL - - [link.nonce: setAttribute() to object "test-valueOf"] - expected: FAIL - - [link.nonce: IDL set to ""] - expected: FAIL - - [link.nonce: IDL set to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "] - expected: FAIL - - [link.nonce: IDL set to undefined] - expected: FAIL - - [link.nonce: IDL set to 7] - expected: FAIL - - [link.nonce: IDL set to 1.5] - expected: FAIL - - [link.nonce: IDL set to "5%"] - expected: FAIL - - [link.nonce: IDL set to "+100"] - expected: FAIL - - [link.nonce: IDL set to ".5"] - expected: FAIL - - [link.nonce: IDL set to true] - expected: FAIL - - [link.nonce: IDL set to false] - expected: FAIL - - [link.nonce: IDL set to object "[object Object\]"] - expected: FAIL - - [link.nonce: IDL set to NaN] - expected: FAIL - - [link.nonce: IDL set to Infinity] - expected: FAIL - - [link.nonce: IDL set to -Infinity] - expected: FAIL - - [link.nonce: IDL set to "\\0"] - expected: FAIL - - [link.nonce: IDL set to null] - expected: FAIL - - [link.nonce: IDL set to object "test-toString"] - expected: FAIL - - [link.nonce: IDL set to object "test-valueOf"] - expected: FAIL - [meta.accessKey: typeof IDL attribute] expected: FAIL @@ -2135,120 +2021,6 @@ [style.tabIndex: IDL set to -2147483648] expected: FAIL - [style.nonce: typeof IDL attribute] - expected: FAIL - - [style.nonce: IDL get with DOM attribute unset] - expected: FAIL - - [style.nonce: setAttribute() to ""] - expected: FAIL - - [style.nonce: setAttribute() to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "] - expected: FAIL - - [style.nonce: setAttribute() to undefined] - expected: FAIL - - [style.nonce: setAttribute() to 7] - expected: FAIL - - [style.nonce: setAttribute() to 1.5] - expected: FAIL - - [style.nonce: setAttribute() to "5%"] - expected: FAIL - - [style.nonce: setAttribute() to "+100"] - expected: FAIL - - [style.nonce: setAttribute() to ".5"] - expected: FAIL - - [style.nonce: setAttribute() to true] - expected: FAIL - - [style.nonce: setAttribute() to false] - expected: FAIL - - [style.nonce: setAttribute() to object "[object Object\]"] - expected: FAIL - - [style.nonce: setAttribute() to NaN] - expected: FAIL - - [style.nonce: setAttribute() to Infinity] - expected: FAIL - - [style.nonce: setAttribute() to -Infinity] - expected: FAIL - - [style.nonce: setAttribute() to "\\0"] - expected: FAIL - - [style.nonce: setAttribute() to null] - expected: FAIL - - [style.nonce: setAttribute() to object "test-toString"] - expected: FAIL - - [style.nonce: setAttribute() to object "test-valueOf"] - expected: FAIL - - [style.nonce: IDL set to ""] - expected: FAIL - - [style.nonce: IDL set to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "] - expected: FAIL - - [style.nonce: IDL set to undefined] - expected: FAIL - - [style.nonce: IDL set to 7] - expected: FAIL - - [style.nonce: IDL set to 1.5] - expected: FAIL - - [style.nonce: IDL set to "5%"] - expected: FAIL - - [style.nonce: IDL set to "+100"] - expected: FAIL - - [style.nonce: IDL set to ".5"] - expected: FAIL - - [style.nonce: IDL set to true] - expected: FAIL - - [style.nonce: IDL set to false] - expected: FAIL - - [style.nonce: IDL set to object "[object Object\]"] - expected: FAIL - - [style.nonce: IDL set to NaN] - expected: FAIL - - [style.nonce: IDL set to Infinity] - expected: FAIL - - [style.nonce: IDL set to -Infinity] - expected: FAIL - - [style.nonce: IDL set to "\\0"] - expected: FAIL - - [style.nonce: IDL set to null] - expected: FAIL - - [style.nonce: IDL set to object "test-toString"] - expected: FAIL - - [style.nonce: IDL set to object "test-valueOf"] - expected: FAIL - [head.tabIndex: setAttribute() to "7\\v"] expected: FAIL diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/code-cache-nonce.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/code-cache-nonce.html.ini deleted file mode 100644 index 359885bb37d..00000000000 --- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/code-cache-nonce.html.ini +++ /dev/null @@ -1,10 +0,0 @@ -[code-cache-nonce.html] - expected: ERROR - [First dynamic import should use nonce=abc] - expected: TIMEOUT - - [Second dynamic import should use nonce=def] - expected: NOTRUN - - [Third dynamic import should use nonce=ghi] - expected: NOTRUN diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-external-classic.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-external-classic.html.ini deleted file mode 100644 index 1ecf634225f..00000000000 --- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-external-classic.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[propagate-nonce-external-classic.html] - expected: TIMEOUT diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-classic.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-classic.html.ini deleted file mode 100644 index 2874543423a..00000000000 --- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-classic.html.ini +++ /dev/null @@ -1,2 +0,0 @@ -[propagate-nonce-inline-classic.html] - expected: TIMEOUT diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-module.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-module.html.ini index cb8c561fb65..eb08f590857 100644 --- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-module.html.ini +++ b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-module.html.ini @@ -1,2 +1,3 @@ [propagate-nonce-inline-module.html] - expected: TIMEOUT + [Dynamically imported module should eval when imported from script w/ a valid nonce.] + expected: FAIL diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-classic.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-classic.html.ini index 48c8e4840d1..6c4f4e4311b 100644 --- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-classic.html.ini +++ b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-classic.html.ini @@ -1,5 +1,4 @@ [string-compilation-nonce-classic.html] - expected: TIMEOUT [reflected inline event handlers must not inherit the nonce from the triggering script, thus fail] expected: FAIL diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-module.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-module.html.ini index 0ef4435c360..aef6f76d69e 100644 --- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-module.html.ini +++ b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-module.html.ini @@ -1,7 +1,15 @@ [string-compilation-nonce-module.html] - expected: TIMEOUT [reflected inline event handlers must not inherit the nonce from the triggering script, thus fail] expected: FAIL [inline event handlers triggered via UA code must not inherit the nonce from the triggering script, thus fail] expected: FAIL + + [direct eval must inherit the nonce from the triggering script, thus execute] + expected: FAIL + + [indirect eval must inherit the nonce from the triggering script, thus execute] + expected: FAIL + + [the Function constructor must inherit the nonce from the triggering script, thus execute] + expected: FAIL diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/v8-code-cache.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/v8-code-cache.html.ini deleted file mode 100644 index e8c2de6a972..00000000000 --- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/v8-code-cache.html.ini +++ /dev/null @@ -1,31 +0,0 @@ -[v8-code-cache.html] - expected: ERROR - [text/javascript: Run #1] - expected: TIMEOUT - - [text/javascript: Run #2] - expected: NOTRUN - - [text/javascript: Run #3] - expected: NOTRUN - - [text/javascript: Run #4] - expected: NOTRUN - - [text/javascript: Run #5] - expected: NOTRUN - - [module: Run #1] - expected: NOTRUN - - [module: Run #2] - expected: NOTRUN - - [module: Run #3] - expected: NOTRUN - - [module: Run #4] - expected: NOTRUN - - [module: Run #5] - expected: NOTRUN |