From 1b6b21cb8579622955e2a25c59ebb2bb0875b169 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20W=C3=BClker?= Date: Mon, 10 Mar 2025 10:25:34 +0100 Subject: Implement `nonce` attribute to pass more CSP checks (#35876) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add doc comments to RequestBuilder fields/methods Signed-off-by: Simon Wülker * Implement Request::cryptographic_nonce_metadata Signed-off-by: Simon Wülker * Implement HTMLOrSVGElement::nonce Signed-off-by: Simon Wülker * Set request cryptographic nonce metadata for link elements Signed-off-by: Simon Wülker * Set request's cryptographic nonce when fetching scripts Signed-off-by: Simon Wülker * Forward request nonce to rust-content-security-policy Signed-off-by: Simon Wülker * Update WPT expectations Signed-off-by: Simon Wülker --------- Signed-off-by: Simon Wülker --- .../dynamic-import/code-cache-nonce.html.ini | 10 ------- .../propagate-nonce-external-classic.html.ini | 2 -- .../propagate-nonce-inline-classic.html.ini | 2 -- .../propagate-nonce-inline-module.html.ini | 3 ++- .../string-compilation-nonce-classic.html.ini | 1 - .../string-compilation-nonce-module.html.ini | 10 ++++++- .../module/dynamic-import/v8-code-cache.html.ini | 31 ---------------------- 7 files changed, 11 insertions(+), 48 deletions(-) delete mode 100644 tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/code-cache-nonce.html.ini delete mode 100644 tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-external-classic.html.ini delete mode 100644 tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-classic.html.ini delete mode 100644 tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/v8-code-cache.html.ini (limited to 'tests/wpt/meta/html/semantics/scripting-1') 
diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/code-cache-nonce.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/code-cache-nonce.html.ini
deleted file mode 100644
index 359885bb37d..00000000000
--- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/code-cache-nonce.html.ini
+++ /dev/null
@@ -1,10 +0,0 @@
-[code-cache-nonce.html]
- expected: ERROR
- [First dynamic import should use nonce=abc]
- expected: TIMEOUT
-
- [Second dynamic import should use nonce=def]
- expected: NOTRUN
-
- [Third dynamic import should use nonce=ghi]
- expected: NOTRUN
diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-external-classic.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-external-classic.html.ini
deleted file mode 100644
index 1ecf634225f..00000000000
--- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-external-classic.html.ini
+++ /dev/null
@@ -1,2 +0,0 @@
-[propagate-nonce-external-classic.html]
- expected: TIMEOUT
diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-classic.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-classic.html.ini
deleted file mode 100644
index 2874543423a..00000000000
--- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-classic.html.ini
+++ /dev/null
@@ -1,2 +0,0 @@
-[propagate-nonce-inline-classic.html]
- expected: TIMEOUT
diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-module.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-module.html.ini index cb8c561fb65..eb08f590857 100644 --- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-module.html.ini +++ b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-module.html.ini @@ -1,2 +1,3 @@ [propagate-nonce-inline-module.html] - expected: TIMEOUT + [Dynamically imported module should eval when imported from script w/ a valid nonce.] + expected: FAIL diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-classic.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-classic.html.ini index 48c8e4840d1..6c4f4e4311b 100644 --- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-classic.html.ini +++ b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-classic.html.ini @@ -1,5 +1,4 @@ [string-compilation-nonce-classic.html] - expected: TIMEOUT [reflected inline event handlers must not inherit the nonce from the triggering script, thus fail] expected: FAIL diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-module.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-module.html.ini index 0ef4435c360..aef6f76d69e 100644 --- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-module.html.ini 
+++ b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-module.html.ini @@ -1,7 +1,15 @@ [string-compilation-nonce-module.html] - expected: TIMEOUT [reflected inline event handlers must not inherit the nonce from the triggering script, thus fail] expected: FAIL [inline event handlers triggered via UA code must not inherit the nonce from the triggering script, thus fail] expected: FAIL + + [direct eval must inherit the nonce from the triggering script, thus execute] + expected: FAIL + + [indirect eval must inherit the nonce from the triggering script, thus execute] + expected: FAIL + + [the Function constructor must inherit the nonce from the triggering script, thus execute] + expected: FAIL diff --git a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/v8-code-cache.html.ini b/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/v8-code-cache.html.ini deleted file mode 100644 index e8c2de6a972..00000000000 --- a/tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/v8-code-cache.html.ini +++ /dev/null @@ -1,31 +0,0 @@ -[v8-code-cache.html] - expected: ERROR - [text/javascript: Run #1] - expected: TIMEOUT - - [text/javascript: Run #2] - expected: NOTRUN - - [text/javascript: Run #3] - expected: NOTRUN - - [text/javascript: Run #4] - expected: NOTRUN - - [text/javascript: Run #5] - expected: NOTRUN - - [module: Run #1] - expected: NOTRUN - - [module: Run #2] - expected: NOTRUN - - [module: Run #3] - expected: NOTRUN - - [module: Run #4] - expected: NOTRUN - - [module: Run #5] - expected: NOTRUN -- cgit v1.2.3
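Review bot: The three subtests added as `expected: FAIL` in string-compilation-nonce-module.html.ini are the positive cases (direct eval, indirect eval and the Function constructor "must inherit the nonce from the triggering script, thus execute"), so the new expectations record that nonce inheritance for string-compiled code still does not pass; they are not evidence that it works. The expectation file alone does not show whether these fail because the dynamic import is blocked by CSP (the restrictive direction) or for an unrelated harness reason, and the commit description does not mention the remaining gap. Stating which it is in the description or a linked tracking issue would let a reader confirm that what is left unimplemented errs on the side of blocking. The same applies to the new FAIL subtest `[Dynamically imported module should eval when imported from script w/ a valid nonce.]` in propagate-nonce-inline-module.html.ini.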