Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-06-06 16:45:39 +00:00
Code Issues Projects Releases Packages Wiki Activity

Implement nonce attribute to pass more CSP checks (#35876)

Browse source 
* Add doc comments to RequestBuilder fields/methods

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Implement Request::cryptographic_nonce_metadata

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Implement HTMLOrSVGElement::nonce

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Set request cryptographic nonce metadata for link elements

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Set request's cryptographic nonce when fetching scripts

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Forward request nonce to rust-content-security-policy

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Update WPT expectations

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

---------

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This commit is contained in:
Simon Wülker 2025-03-10 10:25:34 +01:00 committed by GitHub
parent ce4ba30992
commit 1b6b21cb85
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
18 changed files with 111 additions and 289 deletions
Download patch file Download diff file Expand all files Collapse all files

2
components/net/fetch/methods.rs
View file

@ -183,7 +183,7 @@ pub fn should_request_be_blocked_by_csp(
redirect_count: request.redirect_count,
destination: request.destination,
initiator: csp::Initiator::None,
nonce: String::new(),
nonce: request.cryptographic_nonce_metadata.clone(),
integrity_metadata: request.integrity_metadata.clone(),
parser_metadata: csp::ParserMetadata::None,
};

8
components/script/dom/htmlelement.rs
View file

@ -641,6 +641,14 @@ impl HTMLElementMethods<crate::DomTypeHolder> for HTMLElement {
Ok(internals)
}
// FIXME: The nonce should be stored in an internal slot instead of an
// attribute (https://html.spec.whatwg.org/multipage/#cryptographicnonce)
// https://html.spec.whatwg.org/multipage/#dom-noncedelement-nonce
make_getter!(Nonce, "nonce");
// https://html.spec.whatwg.org/multipage/#dom-noncedelement-nonce
make_setter!(SetNonce, "nonce");
// https://html.spec.whatwg.org/multipage/#dom-fe-autofocus
fn Autofocus(&self) -> bool {
self.element.has_attribute(&local_name!("autofocus"))

8
components/script/dom/htmllinkelement.rs
View file

@ -30,11 +30,11 @@ use style::parser::ParserContext as CssParserContext;
use style::stylesheets::{CssRuleType, Origin, Stylesheet, UrlExtraData};
use style_traits::ParsingMode;
use super::types::{EventTarget, GlobalScope};
use crate::dom::attr::Attr;
use crate::dom::bindings::cell::DomRefCell;
use crate::dom::bindings::codegen::Bindings::DOMTokenListBinding::DOMTokenList_Binding::DOMTokenListMethods;
use crate::dom::bindings::codegen::Bindings::HTMLLinkElementBinding::HTMLLinkElementMethods;
use crate::dom::bindings::codegen::GenericBindings::HTMLElementBinding::HTMLElement_Binding::HTMLElementMethods;
use crate::dom::bindings::inheritance::Castable;
use crate::dom::bindings::refcounted::Trusted;
use crate::dom::bindings::reflector::DomGlobal;
@ -52,6 +52,7 @@ use crate::dom::htmlelement::HTMLElement;
use crate::dom::node::{BindContext, Node, NodeTraits, UnbindContext};
use crate::dom::performanceresourcetiming::InitiatorType;
use crate::dom::stylesheet::StyleSheet as DOMStyleSheet;
use crate::dom::types::{EventTarget, GlobalScope};
use crate::dom::virtualmethods::VirtualMethods;
use crate::fetch::create_a_potential_cors_request;
use crate::links::LinkRelations;
@ -74,6 +75,7 @@ struct LinkProcessingOptions {
destination: Option<Destination>,
integrity: String,
link_type: String,
cryptographic_nonce_metadata: String,
cross_origin: Option<CorsSettings>,
referrer_policy: ReferrerPolicy,
policy_container: PolicyContainer,
@ -324,6 +326,7 @@ impl HTMLLinkElement {
destination: Some(destination),
integrity: String::new(),
link_type: String::new(),
cryptographic_nonce_metadata: self.upcast::<HTMLElement>().Nonce().into(),
cross_origin: cors_setting_for_element(element),
referrer_policy: referrer_policy_for_element(element),
policy_container: document.policy_container().to_owned(),
@ -651,7 +654,7 @@ impl LinkProcessingOptions {
// url, options's destination, and options's crossorigin.
// Step 6. Set request's policy container to options's policy container.
// Step 7. Set request's integrity metadata to options's integrity.
// FIXME: Step 8. Set request's cryptographic nonce metadata to options's cryptographic nonce metadata.
// Step 8. Set request's cryptographic nonce metadata to options's cryptographic nonce metadata.
// Step 9. Set request's referrer policy to options's referrer policy.
// FIXME: Step 10. Set request's client to options's environment.
// FIXME: Step 11. Set request's priority to options's fetch priority.
@ -667,6 +670,7 @@ impl LinkProcessingOptions {
)
.integrity_metadata(self.integrity)
.policy_container(self.policy_container)
.cryptographic_nonce_metadata(self.cryptographic_nonce_metadata)
.referrer_policy(self.referrer_policy);
// Step 12. Return request.

4
components/script/dom/htmlscriptelement.rs
View file

@ -41,6 +41,7 @@ use crate::dom::attr::Attr;
use crate::dom::bindings::codegen::Bindings::DocumentBinding::DocumentMethods;
use crate::dom::bindings::codegen::Bindings::HTMLScriptElementBinding::HTMLScriptElementMethods;
use crate::dom::bindings::codegen::Bindings::NodeBinding::NodeMethods;
use crate::dom::bindings::codegen::GenericBindings::HTMLElementBinding::HTMLElement_Binding::HTMLElementMethods;
use crate::dom::bindings::inheritance::Castable;
use crate::dom::bindings::refcounted::Trusted;
use crate::dom::bindings::reflector::DomGlobal;
@ -582,6 +583,7 @@ pub(crate) fn script_fetch_request(
.parser_metadata(options.parser_metadata)
.integrity_metadata(options.integrity_metadata.clone())
.referrer_policy(options.referrer_policy)
.cryptographic_nonce_metadata(options.cryptographic_nonce)
}
/// <https://html.spec.whatwg.org/multipage/#fetch-a-classic-script>
@ -776,7 +778,7 @@ impl HTMLScriptElement {
// Step 29. Fetch options.
let options = ScriptFetchOptions {
cryptographic_nonce: "".into(),
cryptographic_nonce: self.upcast::<HTMLElement>().Nonce().into(),
integrity_metadata: integrity_metadata.to_owned(),
parser_metadata,
referrer: self.global().get_referrer(),

6
components/script/dom/servoparser/prefetch.rs
View file

@ -109,6 +109,10 @@ impl TokenSink for PrefetchSink {
.get_attr(tag, local_name!("integrity"))
.map(|attr| String::from(&attr.value))
.unwrap_or_default();
let cryptographic_nonce = self
.get_attr(tag, local_name!("nonce"))
.map(|attr| String::from(&attr.value))
.unwrap_or_default();
let request = script_fetch_request(
self.webview_id,
url,
@ -119,7 +123,7 @@ impl TokenSink for PrefetchSink {
referrer: self.referrer.clone(),
referrer_policy: self.referrer_policy,
integrity_metadata,
cryptographic_nonce: String::new(),
cryptographic_nonce,
credentials_mode: CredentialsMode::CredentialsSameOrigin,
parser_metadata: ParserMetadata::ParserInserted,
},

9
components/script/dom/svgelement.rs
View file

@ -5,6 +5,7 @@
use dom_struct::dom_struct;
use html5ever::{LocalName, Prefix, local_name, namespace_url, ns};
use js::rust::HandleObject;
use script_bindings::str::DOMString;
use style_dom::ElementState;
use crate::dom::bindings::codegen::Bindings::SVGElementBinding::SVGElementMethods;
@ -81,6 +82,14 @@ impl SVGElementMethods<crate::DomTypeHolder> for SVGElement {
})
}
// FIXME: The nonce should be stored in an internal slot instead of an
// attribute (https://html.spec.whatwg.org/multipage/#cryptographicnonce)
// https://html.spec.whatwg.org/multipage/#dom-noncedelement-nonce
make_getter!(Nonce, "nonce");
// https://html.spec.whatwg.org/multipage/#dom-noncedelement-nonce
make_setter!(SetNonce, "nonce");
// https://html.spec.whatwg.org/multipage/#dom-fe-autofocus
fn Autofocus(&self) -> bool {
self.element.has_attribute(&local_name!("autofocus"))

1
components/script/fetch.rs
View file

@ -117,6 +117,7 @@ fn request_init_from_request(request: NetTraitsRequest) -> RequestBuilder {
target_webview_id: request.target_webview_id,
redirect_mode: request.redirect_mode,
integrity_metadata: request.integrity_metadata.clone(),
cryptographic_nonce_metadata: request.cryptographic_nonce_metadata.clone(),
url_list: vec![],
parser_metadata: request.parser_metadata,
initiator: request.initiator,

2
components/script_bindings/webidls/HTMLOrSVGElement.webidl
View file

@ -11,7 +11,7 @@
interface mixin HTMLOrSVGElement {
// [SameObject] readonly attribute DOMStringMap dataset;
// attribute DOMString nonce; // intentionally no [CEReactions]
attribute DOMString nonce; // intentionally no [CEReactions]
[CEReactions] attribute boolean autofocus;
// [CEReactions] attribute long tabIndex;

67
components/shared/net/request.rs
View file

@ -242,43 +242,81 @@ pub enum InsecureRequestsPolicy {
#[derive(Clone, Debug, Deserialize, MallocSizeOf, Serialize)]
pub struct RequestBuilder {
pub id: RequestId,
/// <https://fetch.spec.whatwg.org/#concept-request-method>
#[serde(
deserialize_with = "::hyper_serde::deserialize",
serialize_with = "::hyper_serde::serialize"
)]
#[ignore_malloc_size_of = "Defined in hyper"]
pub method: Method,
/// <https://fetch.spec.whatwg.org/#concept-request-url>
pub url: ServoUrl,
/// <https://fetch.spec.whatwg.org/#concept-request-header-list>
#[serde(
deserialize_with = "::hyper_serde::deserialize",
serialize_with = "::hyper_serde::serialize"
)]
#[ignore_malloc_size_of = "Defined in hyper"]
pub headers: HeaderMap,
/// <https://fetch.spec.whatwg.org/#unsafe-request-flag>
pub unsafe_request: bool,
/// <https://fetch.spec.whatwg.org/#concept-request-body>
pub body: Option<RequestBody>,
/// <https://fetch.spec.whatwg.org/#request-service-workers-mode>
pub service_workers_mode: ServiceWorkersMode,
// TODO: client object
/// <https://fetch.spec.whatwg.org/#concept-request-destination>
pub destination: Destination,
pub synchronous: bool,
pub mode: RequestMode,
/// <https://fetch.spec.whatwg.org/#concept-request-cache-mode>
pub cache_mode: CacheMode,
/// <https://fetch.spec.whatwg.org/#use-cors-preflight-flag>
pub use_cors_preflight: bool,
/// <https://fetch.spec.whatwg.org/#concept-request-credentials-mode>
pub credentials_mode: CredentialsMode,
pub use_url_credentials: bool,
/// <https://fetch.spec.whatwg.org/#concept-request-origin>
pub origin: ImmutableOrigin,
/// <https://fetch.spec.whatwg.org/#concept-request-policy-container>
pub policy_container: RequestPolicyContainer,
pub insecure_requests_policy: InsecureRequestsPolicy,
// XXXManishearth these should be part of the client object
/// <https://fetch.spec.whatwg.org/#concept-request-referrer>
pub referrer: Referrer,
/// <https://fetch.spec.whatwg.org/#concept-request-referrer-policy>
pub referrer_policy: ReferrerPolicy,
pub pipeline_id: Option<PipelineId>,
pub target_webview_id: Option<WebViewId>,
/// <https://fetch.spec.whatwg.org/#concept-request-redirect-mode>
pub redirect_mode: RedirectMode,
/// <https://fetch.spec.whatwg.org/#concept-request-integrity-metadata>
pub integrity_metadata: String,
/// <https://fetch.spec.whatwg.org/#concept-request-nonce-metadata>
pub cryptographic_nonce_metadata: String,
// to keep track of redirects
pub url_list: Vec<ServoUrl>,
/// <https://fetch.spec.whatwg.org/#concept-request-parser-metadata>
pub parser_metadata: ParserMetadata,
/// <https://fetch.spec.whatwg.org/#concept-request-initiator>
pub initiator: Initiator,
pub https_state: HttpsState,
pub response_tainting: ResponseTainting,
@ -312,6 +350,7 @@ impl RequestBuilder {
target_webview_id: webview_id,
redirect_mode: RedirectMode::Follow,
integrity_metadata: "".to_owned(),
cryptographic_nonce_metadata: "".to_owned(),
url_list: vec![],
parser_metadata: ParserMetadata::Default,
initiator: Initiator::None,
@ -321,31 +360,37 @@ impl RequestBuilder {
}
}
/// <https://fetch.spec.whatwg.org/#concept-request-initiator>
pub fn initiator(mut self, initiator: Initiator) -> RequestBuilder {
self.initiator = initiator;
self
}
/// <https://fetch.spec.whatwg.org/#concept-request-method>
pub fn method(mut self, method: Method) -> RequestBuilder {
self.method = method;
self
}
/// <https://fetch.spec.whatwg.org/#concept-request-header-list>
pub fn headers(mut self, headers: HeaderMap) -> RequestBuilder {
self.headers = headers;
self
}
/// <https://fetch.spec.whatwg.org/#unsafe-request-flag>
pub fn unsafe_request(mut self, unsafe_request: bool) -> RequestBuilder {
self.unsafe_request = unsafe_request;
self
}
/// <https://fetch.spec.whatwg.org/#concept-request-body>
pub fn body(mut self, body: Option<RequestBody>) -> RequestBuilder {
self.body = body;
self
}
/// <https://fetch.spec.whatwg.org/#concept-request-destination>
pub fn destination(mut self, destination: Destination) -> RequestBuilder {
self.destination = destination;
self
@ -361,11 +406,13 @@ impl RequestBuilder {
self
}
/// <https://fetch.spec.whatwg.org/#use-cors-preflight-flag>
pub fn use_cors_preflight(mut self, use_cors_preflight: bool) -> RequestBuilder {
self.use_cors_preflight = use_cors_preflight;
self
}
/// <https://fetch.spec.whatwg.org/#concept-request-credentials-mode>
pub fn credentials_mode(mut self, credentials_mode: CredentialsMode) -> RequestBuilder {
self.credentials_mode = credentials_mode;
self
@ -376,11 +423,13 @@ impl RequestBuilder {
self
}
/// <https://fetch.spec.whatwg.org/#concept-request-origin>
pub fn origin(mut self, origin: ImmutableOrigin) -> RequestBuilder {
self.origin = origin;
self
}
/// <https://fetch.spec.whatwg.org/#concept-request-referrer-policy>
pub fn referrer_policy(mut self, referrer_policy: ReferrerPolicy) -> RequestBuilder {
self.referrer_policy = referrer_policy;
self
@ -391,16 +440,25 @@ impl RequestBuilder {
self
}
/// <https://fetch.spec.whatwg.org/#concept-request-redirect-mode>
pub fn redirect_mode(mut self, redirect_mode: RedirectMode) -> RequestBuilder {
self.redirect_mode = redirect_mode;
self
}
/// <https://fetch.spec.whatwg.org/#concept-request-integrity-metadata>
pub fn integrity_metadata(mut self, integrity_metadata: String) -> RequestBuilder {
self.integrity_metadata = integrity_metadata;
self
}
/// <https://fetch.spec.whatwg.org/#concept-request-nonce-metadata>
pub fn cryptographic_nonce_metadata(mut self, nonce_metadata: String) -> RequestBuilder {
self.cryptographic_nonce_metadata = nonce_metadata;
self
}
/// <https://fetch.spec.whatwg.org/#concept-request-parser-metadata>
pub fn parser_metadata(mut self, parser_metadata: ParserMetadata) -> RequestBuilder {
self.parser_metadata = parser_metadata;
self
@ -421,6 +479,7 @@ impl RequestBuilder {
self
}
/// <https://fetch.spec.whatwg.org/#concept-request-policy-container>
pub fn policy_container(mut self, policy_container: PolicyContainer) -> RequestBuilder {
self.policy_container = RequestPolicyContainer::PolicyContainer(policy_container);
self
@ -434,6 +493,7 @@ impl RequestBuilder {
self
}
/// <https://fetch.spec.whatwg.org/#request-service-workers-mode>
pub fn service_workers_mode(
mut self,
service_workers_mode: ServiceWorkersMode,
@ -442,6 +502,7 @@ impl RequestBuilder {
self
}
/// <https://fetch.spec.whatwg.org/#concept-request-cache-mode>
pub fn cache_mode(mut self, cache_mode: CacheMode) -> RequestBuilder {
self.cache_mode = cache_mode;
self
@ -479,6 +540,7 @@ impl RequestBuilder {
request.redirect_count = url_list.len() as u32 - 1;
request.url_list = url_list;
request.integrity_metadata = self.integrity_metadata;
request.cryptographic_nonce_metadata = self.cryptographic_nonce_metadata;
request.parser_metadata = self.parser_metadata;
request.response_tainting = self.response_tainting;
request.crash = self.crash;
@ -543,6 +605,8 @@ pub struct Request {
pub redirect_mode: RedirectMode,
/// <https://fetch.spec.whatwg.org/#concept-request-integrity-metadata>
pub integrity_metadata: String,
/// <https://fetch.spec.whatwg.org/#concept-request-nonce-metadata>
pub cryptographic_nonce_metadata: String,
// Use the last method on url_list to act as spec current url field, and
// first method to act as spec url field
/// <https://fetch.spec.whatwg.org/#concept-request-url-list>
@ -597,6 +661,7 @@ impl Request {
cache_mode: CacheMode::Default,
redirect_mode: RedirectMode::Follow,
integrity_metadata: String::new(),
cryptographic_nonce_metadata: String::new(),
url_list: vec![url],
parser_metadata: ParserMetadata::Default,
redirect_count: 0,

6
tests/wpt/meta/html/dom/idlharness.https.html.ini vendored
View file

@ -6121,9 +6121,6 @@
[HTMLElement interface: attribute inputMode]
expected: FAIL
[HTMLElement interface: attribute nonce]
expected: FAIL
[HTMLElement interface: attribute tabIndex]
expected: FAIL
@ -6208,9 +6205,6 @@
[HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type]
expected: FAIL
[HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type]
expected: FAIL
[HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type]
expected: FAIL

228
tests/wpt/meta/html/dom/reflection-metadata.html.ini vendored
View file

@ -1523,120 +1523,6 @@
[link.as: IDL set to "xſlt"]
expected: FAIL
[link.nonce: typeof IDL attribute]
expected: FAIL
[link.nonce: IDL get with DOM attribute unset]
expected: FAIL
[link.nonce: setAttribute() to ""]
expected: FAIL
[link.nonce: setAttribute() to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
expected: FAIL
[link.nonce: setAttribute() to undefined]
expected: FAIL
[link.nonce: setAttribute() to 7]
expected: FAIL
[link.nonce: setAttribute() to 1.5]
expected: FAIL
[link.nonce: setAttribute() to "5%"]
expected: FAIL
[link.nonce: setAttribute() to "+100"]
expected: FAIL
[link.nonce: setAttribute() to ".5"]
expected: FAIL
[link.nonce: setAttribute() to true]
expected: FAIL
[link.nonce: setAttribute() to false]
expected: FAIL
[link.nonce: setAttribute() to object "[object Object\]"]
expected: FAIL
[link.nonce: setAttribute() to NaN]
expected: FAIL
[link.nonce: setAttribute() to Infinity]
expected: FAIL
[link.nonce: setAttribute() to -Infinity]
expected: FAIL
[link.nonce: setAttribute() to "\\0"]
expected: FAIL
[link.nonce: setAttribute() to null]
expected: FAIL
[link.nonce: setAttribute() to object "test-toString"]
expected: FAIL
[link.nonce: setAttribute() to object "test-valueOf"]
expected: FAIL
[link.nonce: IDL set to ""]
expected: FAIL
[link.nonce: IDL set to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
expected: FAIL
[link.nonce: IDL set to undefined]
expected: FAIL
[link.nonce: IDL set to 7]
expected: FAIL
[link.nonce: IDL set to 1.5]
expected: FAIL
[link.nonce: IDL set to "5%"]
expected: FAIL
[link.nonce: IDL set to "+100"]
expected: FAIL
[link.nonce: IDL set to ".5"]
expected: FAIL
[link.nonce: IDL set to true]
expected: FAIL
[link.nonce: IDL set to false]
expected: FAIL
[link.nonce: IDL set to object "[object Object\]"]
expected: FAIL
[link.nonce: IDL set to NaN]
expected: FAIL
[link.nonce: IDL set to Infinity]
expected: FAIL
[link.nonce: IDL set to -Infinity]
expected: FAIL
[link.nonce: IDL set to "\\0"]
expected: FAIL
[link.nonce: IDL set to null]
expected: FAIL
[link.nonce: IDL set to object "test-toString"]
expected: FAIL
[link.nonce: IDL set to object "test-valueOf"]
expected: FAIL
[meta.accessKey: typeof IDL attribute]
expected: FAIL
@ -2135,120 +2021,6 @@
[style.tabIndex: IDL set to -2147483648]
expected: FAIL
[style.nonce: typeof IDL attribute]
expected: FAIL
[style.nonce: IDL get with DOM attribute unset]
expected: FAIL
[style.nonce: setAttribute() to ""]
expected: FAIL
[style.nonce: setAttribute() to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
expected: FAIL
[style.nonce: setAttribute() to undefined]
expected: FAIL
[style.nonce: setAttribute() to 7]
expected: FAIL
[style.nonce: setAttribute() to 1.5]
expected: FAIL
[style.nonce: setAttribute() to "5%"]
expected: FAIL
[style.nonce: setAttribute() to "+100"]
expected: FAIL
[style.nonce: setAttribute() to ".5"]
expected: FAIL
[style.nonce: setAttribute() to true]
expected: FAIL
[style.nonce: setAttribute() to false]
expected: FAIL
[style.nonce: setAttribute() to object "[object Object\]"]
expected: FAIL
[style.nonce: setAttribute() to NaN]
expected: FAIL
[style.nonce: setAttribute() to Infinity]
expected: FAIL
[style.nonce: setAttribute() to -Infinity]
expected: FAIL
[style.nonce: setAttribute() to "\\0"]
expected: FAIL
[style.nonce: setAttribute() to null]
expected: FAIL
[style.nonce: setAttribute() to object "test-toString"]
expected: FAIL
[style.nonce: setAttribute() to object "test-valueOf"]
expected: FAIL
[style.nonce: IDL set to ""]
expected: FAIL
[style.nonce: IDL set to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
expected: FAIL
[style.nonce: IDL set to undefined]
expected: FAIL
[style.nonce: IDL set to 7]
expected: FAIL
[style.nonce: IDL set to 1.5]
expected: FAIL
[style.nonce: IDL set to "5%"]
expected: FAIL
[style.nonce: IDL set to "+100"]
expected: FAIL
[style.nonce: IDL set to ".5"]
expected: FAIL
[style.nonce: IDL set to true]
expected: FAIL
[style.nonce: IDL set to false]
expected: FAIL
[style.nonce: IDL set to object "[object Object\]"]
expected: FAIL
[style.nonce: IDL set to NaN]
expected: FAIL
[style.nonce: IDL set to Infinity]
expected: FAIL
[style.nonce: IDL set to -Infinity]
expected: FAIL
[style.nonce: IDL set to "\\0"]
expected: FAIL
[style.nonce: IDL set to null]
expected: FAIL
[style.nonce: IDL set to object "test-toString"]
expected: FAIL
[style.nonce: IDL set to object "test-valueOf"]
expected: FAIL
[head.tabIndex: setAttribute() to "7\\v"]
expected: FAIL

10
tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/code-cache-nonce.html.ini vendored
View file

@ -1,10 +0,0 @@
[code-cache-nonce.html]
expected: ERROR
[First dynamic import should use nonce=abc]
expected: TIMEOUT
[Second dynamic import should use nonce=def]
expected: NOTRUN
[Third dynamic import should use nonce=ghi]
expected: NOTRUN

2
tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-external-classic.html.ini vendored
View file

@ -1,2 +0,0 @@
[propagate-nonce-external-classic.html]
expected: TIMEOUT

2
tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-classic.html.ini vendored
View file

@ -1,2 +0,0 @@
[propagate-nonce-inline-classic.html]
expected: TIMEOUT

3
tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-module.html.ini vendored
View file

@ -1,2 +1,3 @@
[propagate-nonce-inline-module.html]
expected: TIMEOUT
[Dynamically imported module should eval when imported from script w/ a valid nonce.]
expected: FAIL

1
tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-classic.html.ini vendored
View file

@ -1,5 +1,4 @@
[string-compilation-nonce-classic.html]
expected: TIMEOUT
[reflected inline event handlers must not inherit the nonce from the triggering script, thus fail]
expected: FAIL

10
tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-module.html.ini vendored
View file

@ -1,7 +1,15 @@
[string-compilation-nonce-module.html]
expected: TIMEOUT
[reflected inline event handlers must not inherit the nonce from the triggering script, thus fail]
expected: FAIL
[inline event handlers triggered via UA code must not inherit the nonce from the triggering script, thus fail]
expected: FAIL
[direct eval must inherit the nonce from the triggering script, thus execute]
expected: FAIL
[indirect eval must inherit the nonce from the triggering script, thus execute]
expected: FAIL
[the Function constructor must inherit the nonce from the triggering script, thus execute]
expected: FAIL

31
tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/v8-code-cache.html.ini vendored
View file

@ -1,31 +0,0 @@
[v8-code-cache.html]
expected: ERROR
[text/javascript: Run #1]
expected: TIMEOUT
[text/javascript: Run #2]
expected: NOTRUN
[text/javascript: Run #3]
expected: NOTRUN
[text/javascript: Run #4]
expected: NOTRUN
[text/javascript: Run #5]
expected: NOTRUN
[module: Run #1]
expected: NOTRUN
[module: Run #2]
expected: NOTRUN
[module: Run #3]
expected: NOTRUN
[module: Run #4]
expected: NOTRUN
[module: Run #5]
expected: NOTRUN