Implement nonce attribute to pass more CSP checks (#35876)

* Add doc comments to RequestBuilder fields/methods Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Implement Request::cryptographic_nonce_metadata Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Implement HTMLOrSVGElement::nonce Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Set request cryptographic nonce metadata for link elements Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Set request's cryptographic nonce when fetching scripts Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Forward request nonce to rust-content-security-policy Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Update WPT expectations Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> --------- Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
2025-08-06 06:00:15 +01:00 · 2025-03-10 10:25:34 +01:00 · 2025-03-10 10:25:34 +01:00 · 1b6b21cb85
commit 1b6b21cb85
parent ce4ba30992
18 changed files with 111 additions and 289 deletions
--- a/components/script_bindings/webidls/HTMLOrSVGElement.webidl
+++ b/components/script_bindings/webidls/HTMLOrSVGElement.webidl
@ -11,7 +11,7 @@

 interface mixin HTMLOrSVGElement {
  // [SameObject] readonly attribute DOMStringMap dataset;
-  // attribute DOMString nonce; // intentionally no [CEReactions]
+  attribute DOMString nonce; // intentionally no [CEReactions]

  [CEReactions] attribute boolean autofocus;
  // [CEReactions] attribute long tabIndex;