Implement nonce attribute to pass more CSP checks (#35876)

* Add doc comments to RequestBuilder fields/methods

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Implement Request::cryptographic_nonce_metadata

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Implement HTMLOrSVGElement::nonce

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Set request cryptographic nonce metadata for link elements

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Set request's cryptographic nonce when fetching scripts

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Forward request nonce to rust-content-security-policy

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Update WPT expectations

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

---------

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

tests/wpt/meta/html/dom/idlharness.https.html.ini

@@ -6121,9 +6121,6 @@
   [HTMLElement interface: attribute inputMode]
     expected: FAIL
 
-  [HTMLElement interface: attribute nonce]
-    expected: FAIL
-
   [HTMLElement interface: attribute tabIndex]
     expected: FAIL
 
@@ -6208,9 +6205,6 @@
   [HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type]
     expected: FAIL
 
-  [HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type]
-    expected: FAIL
-
   [HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type]
     expected: FAIL
 

tests/wpt/meta/html/dom/reflection-metadata.html.ini

@@ -1523,120 +1523,6 @@
   [link.as: IDL set to "xſlt"]
     expected: FAIL
 
-  [link.nonce: typeof IDL attribute]
-    expected: FAIL
-
-  [link.nonce: IDL get with DOM attribute unset]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to ""]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f  foo "]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to undefined]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to 7]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to 1.5]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to "5%"]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to "+100"]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to ".5"]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to true]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to false]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to object "[object Object\]"]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to NaN]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to Infinity]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to -Infinity]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to "\\0"]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to null]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to object "test-toString"]
-    expected: FAIL
-
-  [link.nonce: setAttribute() to object "test-valueOf"]
-    expected: FAIL
-
-  [link.nonce: IDL set to ""]
-    expected: FAIL
-
-  [link.nonce: IDL set to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f  foo "]
-    expected: FAIL
-
-  [link.nonce: IDL set to undefined]
-    expected: FAIL
-
-  [link.nonce: IDL set to 7]
-    expected: FAIL
-
-  [link.nonce: IDL set to 1.5]
-    expected: FAIL
-
-  [link.nonce: IDL set to "5%"]
-    expected: FAIL
-
-  [link.nonce: IDL set to "+100"]
-    expected: FAIL
-
-  [link.nonce: IDL set to ".5"]
-    expected: FAIL
-
-  [link.nonce: IDL set to true]
-    expected: FAIL
-
-  [link.nonce: IDL set to false]
-    expected: FAIL
-
-  [link.nonce: IDL set to object "[object Object\]"]
-    expected: FAIL
-
-  [link.nonce: IDL set to NaN]
-    expected: FAIL
-
-  [link.nonce: IDL set to Infinity]
-    expected: FAIL
-
-  [link.nonce: IDL set to -Infinity]
-    expected: FAIL
-
-  [link.nonce: IDL set to "\\0"]
-    expected: FAIL
-
-  [link.nonce: IDL set to null]
-    expected: FAIL
-
-  [link.nonce: IDL set to object "test-toString"]
-    expected: FAIL
-
-  [link.nonce: IDL set to object "test-valueOf"]
-    expected: FAIL
-
   [meta.accessKey: typeof IDL attribute]
     expected: FAIL
 
@@ -2135,120 +2021,6 @@
   [style.tabIndex: IDL set to -2147483648]
     expected: FAIL
 
-  [style.nonce: typeof IDL attribute]
-    expected: FAIL
-
-  [style.nonce: IDL get with DOM attribute unset]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to ""]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f  foo "]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to undefined]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to 7]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to 1.5]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to "5%"]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to "+100"]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to ".5"]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to true]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to false]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to object "[object Object\]"]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to NaN]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to Infinity]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to -Infinity]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to "\\0"]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to null]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to object "test-toString"]
-    expected: FAIL
-
-  [style.nonce: setAttribute() to object "test-valueOf"]
-    expected: FAIL
-
-  [style.nonce: IDL set to ""]
-    expected: FAIL
-
-  [style.nonce: IDL set to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f  foo "]
-    expected: FAIL
-
-  [style.nonce: IDL set to undefined]
-    expected: FAIL
-
-  [style.nonce: IDL set to 7]
-    expected: FAIL
-
-  [style.nonce: IDL set to 1.5]
-    expected: FAIL
-
-  [style.nonce: IDL set to "5%"]
-    expected: FAIL
-
-  [style.nonce: IDL set to "+100"]
-    expected: FAIL
-
-  [style.nonce: IDL set to ".5"]
-    expected: FAIL
-
-  [style.nonce: IDL set to true]
-    expected: FAIL
-
-  [style.nonce: IDL set to false]
-    expected: FAIL
-
-  [style.nonce: IDL set to object "[object Object\]"]
-    expected: FAIL
-
-  [style.nonce: IDL set to NaN]
-    expected: FAIL
-
-  [style.nonce: IDL set to Infinity]
-    expected: FAIL
-
-  [style.nonce: IDL set to -Infinity]
-    expected: FAIL
-
-  [style.nonce: IDL set to "\\0"]
-    expected: FAIL
-
-  [style.nonce: IDL set to null]
-    expected: FAIL
-
-  [style.nonce: IDL set to object "test-toString"]
-    expected: FAIL
-
-  [style.nonce: IDL set to object "test-valueOf"]
-    expected: FAIL
-
   [head.tabIndex: setAttribute() to "7\\v"]
     expected: FAIL
 

tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/code-cache-nonce.html.ini

@@ -1,10 +0,0 @@
-[code-cache-nonce.html]
-  expected: ERROR
-  [First dynamic import should use nonce=abc]
-    expected: TIMEOUT
-
-  [Second dynamic import should use nonce=def]
-    expected: NOTRUN
-
-  [Third dynamic import should use nonce=ghi]
-    expected: NOTRUN

tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-external-classic.html.ini

@@ -1,2 +0,0 @@
-[propagate-nonce-external-classic.html]
-  expected: TIMEOUT

tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-classic.html.ini

@@ -1,2 +0,0 @@
-[propagate-nonce-inline-classic.html]
-  expected: TIMEOUT

tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/propagate-nonce-inline-module.html.ini

@@ -1,2 +1,3 @@
 [propagate-nonce-inline-module.html]
-  expected: TIMEOUT
+  [Dynamically imported module should eval when imported from script w/ a valid nonce.]
+    expected: FAIL

tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-classic.html.ini

@@ -1,5 +1,4 @@
 [string-compilation-nonce-classic.html]
-  expected: TIMEOUT
   [reflected inline event handlers must not inherit the nonce from the triggering script, thus fail]
     expected: FAIL
 

tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/string-compilation-nonce-module.html.ini

@@ -1,7 +1,15 @@
 [string-compilation-nonce-module.html]
-  expected: TIMEOUT
   [reflected inline event handlers must not inherit the nonce from the triggering script, thus fail]
     expected: FAIL
 
   [inline event handlers triggered via UA code must not inherit the nonce from the triggering script, thus fail]
     expected: FAIL
+
+  [direct eval must inherit the nonce from the triggering script, thus execute]
+    expected: FAIL
+
+  [indirect eval must inherit the nonce from the triggering script, thus execute]
+    expected: FAIL
+
+  [the Function constructor must inherit the nonce from the triggering script, thus execute]
+    expected: FAIL

tests/wpt/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/v8-code-cache.html.ini

@@ -1,31 +0,0 @@
-[v8-code-cache.html]
-  expected: ERROR
-  [text/javascript: Run #1]
-    expected: TIMEOUT
-
-  [text/javascript: Run #2]
-    expected: NOTRUN
-
-  [text/javascript: Run #3]
-    expected: NOTRUN
-
-  [text/javascript: Run #4]
-    expected: NOTRUN
-
-  [text/javascript: Run #5]
-    expected: NOTRUN
-
-  [module: Run #1]
-    expected: NOTRUN
-
-  [module: Run #2]
-    expected: NOTRUN
-
-  [module: Run #3]
-    expected: NOTRUN
-
-  [module: Run #4]
-    expected: NOTRUN
-
-  [module: Run #5]
-    expected: NOTRUN