Implement `nonce` attribute to pass more CSP checks (#35876)

* Add doc comments to RequestBuilder fields/methods Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Implement Request::cryptographic_nonce_metadata Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Implement HTMLOrSVGElement::nonce Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Set request cryptographic nonce metadata for link elements Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Set request's cryptographic nonce when fetching scripts Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Forward request nonce to rust-content-security-policy Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Update WPT expectations Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> --------- Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
author: Simon Wülker <simon.wuelker@arcor.de> 2025-03-10 10:25:34 +0100
committer: GitHub <noreply@github.com> 2025-03-10 09:25:34 +0000
commit: 1b6b21cb8579622955e2a25c59ebb2bb0875b169 (patch)
tree: 922bc204a8fbb0958493e594d33b2d2e103f295f /tests/wpt/meta/html
parent: ce4ba309924ffa35e0dd4309527586b8f0c22b75 (diff)
download: servo-1b6b21cb8579622955e2a25c59ebb2bb0875b169.tar.gz
servo-1b6b21cb8579622955e2a25c59ebb2bb0875b169.zip
9 files changed, 11 insertions, 282 deletions
diff --git a/tests/wpt/meta/html/dom/idlharness.https.html.ini b/tests/wpt/meta/html/dom/idlharness.https.html.ini
index 6ef39b12b1b..4023da292a6 100644
--- a/tests/wpt/meta/html/dom/idlharness.https.html.ini
+++ b/tests/wpt/meta/html/dom/idlharness.https.html.ini
@@ -6121,9 +6121,6 @@
   [HTMLElement interface: attribute inputMode]
     expected: FAIL
 
-  [HTMLElement interface: attribute nonce]
-    expected: FAIL
-
   [HTMLElement interface: attribute tabIndex]
     expected: FAIL
 
@@ -6208,9 +6205,6 @@
   [HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type]
     expected: FAIL
 
-  [HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type]
-    expected: FAIL
-
   [HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type]
     expected: FAIL
 
diff --git a/tests/wpt/meta/html/dom/reflection-metadata.html.ini b/tests/wpt/meta/html/dom/reflection-metadata.html.ini
index bb862772dd0..8e95b7fd3c1 100644
--- a/tests/wpt/meta/html/dom/reflection-metadata.html.ini
+++ b/tests/wpt/meta/html/dom/reflection-metadata.html.ini
@@ -1523,120 +1523,6 @@
   [link.as: IDL set to "xſlt"]
     expected: FAIL
 
-  [link.nonce: typeof IDL attribute]
-    expected: FAIL
-
-  [link.nonce: IDL get with DOM attribute unset]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to ""]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f  foo "]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to undefined]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to 7]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to 1.5]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to "5%"]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to "+100"]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to ".5"]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to true]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to false]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to object "[object Object\]"]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to NaN]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to Infinity]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to -Infinity]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to "\\0"]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to null]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to object "test-toString"]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to object "test-valueOf"]
-    expected: FAIL
-
-  [link.nonce: IDL set to ""]
-    expected: FAIL
-
-  [link.nonce: IDL set to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f  foo "]
-    expected: FAIL
-
-  [link.nonce: IDL set to undefined]
-    expected: FAIL
-
-  [link.nonce: IDL set to 7]
-    expected: FAIL
-
-  [link.nonce: IDL set to 1.5]
-    expected: FAIL
-
-  [link.nonce: IDL set to "5%"]
-    expected: FAIL
-
-  [link.nonce: IDL set to "+100"]
-    expected: FAIL
-
-  [link.nonce: IDL set to ".5"]
-    expected: FAIL
-
-  [link.nonce: IDL set to true]
-    expected: FAIL
-
-  [link.nonce: IDL set to false]
-    expected: FAIL
-
-  [link.nonce: IDL set to object "[object Object\]"]
-    expected: FAIL
-
-  [link.nonce: IDL set to NaN]
-    expected: FAIL
-
-  [link.nonce: IDL set to Infinity]
-    expected: FAIL
-
-  [link.nonce: IDL set to -Infinity]
-    expected: FAIL
-
-  [link.nonce: IDL set to "\\0"]
-    expected: FAIL
-
-  [link.nonce: IDL set to null]
-    expected: FAIL
-
-  [link.nonce: IDL set to object "test-toString"]
-    expected: FAIL
-
-  [link.nonce: IDL set to object "test-valueOf"]
-    expected: FAIL
-
   [meta.accessKey: typeof IDL attribute]
     expected: FAIL
 
@@ -2135,120 +2021,6 @@
   [style.tabIndex: IDL set to -2147483648]
     expected: FAIL
 
-  [style.nonce: typeof IDL attribute]
-    expected: FAIL
-
-  [style.nonce: IDL get with DOM attribute unset]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to ""]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f  foo "]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to undefined]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to 7]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to 1.5]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to "5%"]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to "+100"]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to ".5"]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to true]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to false]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to object "[object Object\]"]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to NaN]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to Infinity]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to -Infinity]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to "\\0"]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to null]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to object "test-toString"]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to object "test-valueOf"]
-    expected: FAIL
-
-  [style.nonce: IDL set to ""]
-    expected: FAIL
-
-  [style.nonce: IDL set to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f  foo "]
-    expected: FAIL
-
-  [style.nonce: IDL set to undefined]
-    expected: FAIL
-
-  [style.nonce: IDL set to 7]
-    expected: FAIL
-
-  [style.nonce: IDL set to 1.5]
-    expected: FAIL
-
-  [style.nonce: IDL set to "5%"]
-    expected: FAIL
-
-  [style.nonce: IDL set to "+100"]
-    expected: FAIL
-
-  [style.nonce: IDL set to ".5"]
-    expected: FAIL
-
-  [style.nonce: IDL set to true]
-    expected: FAIL
-
-  [style.nonce: IDL set to false]
-    expected: FAIL
-
-  [style.nonce: IDL set to object "[object Object\]"]
-    expected: FAIL
-
-  [style.nonce: IDL set to NaN]
-    expected: FAIL
-
-  [style.nonce: IDL set to Infinity]
-    expected: FAIL
-
-  [style.nonce: IDL set to -Infinity]
-    expected: FAIL
-
-  [style.nonce: IDL set to "\\0"]
-    expected: FAIL
-
-  [style.nonce: IDL set to null]
-    expected: FAIL
-
-  [style.nonce: IDL set to object "test-toString"]
-    expected: FAIL
-
-  [style.nonce: IDL set to object "test-valueOf"]
-    expected: FAIL
-
   [head.tabIndex: setAttribute() to "7\\v"]
     expected: FAIL
 
diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/code-cache-nonce.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/code-cache-nonce.html.ini
deleted file mode 100644
index 359885bb37d..00000000000
--- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/code-cache-nonce.html.ini
+++ /dev/null
@@ -1,10 +0,0 @@
-[code-cache-nonce.html]
-  expected: ERROR
-  [First dynamic import should use nonce=abc]
-    expected: TIMEOUT
-
-  [Second dynamic import should use nonce=def]
-    expected: NOTRUN
-
-  [Third dynamic import should use nonce=ghi]
-    expected: NOTRUN
diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-external-classic.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-external-classic.html.ini
deleted file mode 100644
index 1ecf634225f..00000000000
--- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-external-classic.html.ini
+++ /dev/null
@@ -1,2 +0,0 @@
-[propagate-nonce-external-classic.html]
-  expected: TIMEOUT
diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-classic.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-classic.html.ini
deleted file mode 100644
index 2874543423a..00000000000
--- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-classic.html.ini
+++ /dev/null
@@ -1,2 +0,0 @@
-[propagate-nonce-inline-classic.html]
-  expected: TIMEOUT
diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-module.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-module.html.ini
index cb8c561fb65..eb08f590857 100644
--- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-module.html.ini
+++ b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-module.html.ini
@@ -1,2 +1,3 @@
 [propagate-nonce-inline-module.html]
-  expected: TIMEOUT
+  [Dynamically imported module should eval when imported from script w/ a valid nonce.]
+    expected: FAIL
diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-classic.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-classic.html.ini
index 48c8e4840d1..6c4f4e4311b 100644
--- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-classic.html.ini
+++ b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-classic.html.ini
@@ -1,5 +1,4 @@
 [string-compilation-nonce-classic.html]
-  expected: TIMEOUT
   [reflected inline event handlers must not inherit the nonce from the triggering script, thus fail]
     expected: FAIL
 
diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-module.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-module.html.ini
index 0ef4435c360..aef6f76d69e 100644
--- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-module.html.ini
+++ b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-module.html.ini
@@ -1,7 +1,15 @@
 [string-compilation-nonce-module.html]
-  expected: TIMEOUT
   [reflected inline event handlers must not inherit the nonce from the triggering script, thus fail]
     expected: FAIL
 
   [inline event handlers triggered via UA code must not inherit the nonce from the triggering script, thus fail]
     expected: FAIL
+
+  [direct eval must inherit the nonce from the triggering script, thus execute]
+    expected: FAIL
+
+  [indirect eval must inherit the nonce from the triggering script, thus execute]
+    expected: FAIL
+
+  [the Function constructor must inherit the nonce from the triggering script, thus execute]
+    expected: FAIL
diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/v8-code-cache.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/v8-code-cache.html.ini
deleted file mode 100644
index e8c2de6a972..00000000000
--- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/v8-code-cache.html.ini
+++ /dev/null
@@ -1,31 +0,0 @@
-[v8-code-cache.html]
-  expected: ERROR
-  [text/javascript: Run #1]
-    expected: TIMEOUT
-
-  [text/javascript: Run #2]
-    expected: NOTRUN
-
-  [text/javascript: Run #3]
-    expected: NOTRUN
-
-  [text/javascript: Run #4]
-    expected: NOTRUN
-
-  [text/javascript: Run #5]
-    expected: NOTRUN
-
-  [module: Run #1]
-    expected: NOTRUN
-
-  [module: Run #2]
-    expected: NOTRUN
-
-  [module: Run #3]
-    expected: NOTRUN
-
-  [module: Run #4]
-    expected: NOTRUN
-
-  [module: Run #5]
-    expected: NOTRUN
author	Simon Wülker <simon.wuelker@arcor.de>	2025-03-10 10:25:34 +0100
committer	GitHub <noreply@github.com>	2025-03-10 09:25:34 +0000
commit	1b6b21cb8579622955e2a25c59ebb2bb0875b169 (patch)
tree	922bc204a8fbb0958493e594d33b2d2e103f295f /tests/wpt/meta/html
parent	ce4ba309924ffa35e0dd4309527586b8f0c22b75 (diff)
download	servo-1b6b21cb8579622955e2a25c59ebb2bb0875b169.tar.gz servo-1b6b21cb8579622955e2a25c59ebb2bb0875b169.zip