Implement inner slot for cryptographic nonce (#36965)

Also update the `html/dom/reflection-metadata.html` test to handle the case where `nonce` does not reflect back to the attribute after an IDL change. Part of https://github.com/servo/servo/issues/4577 Fixes https://github.com/web-platform-tests/wpt/issues/43286 Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-08-06 22:15:33 +01:00 · 2025-05-14 12:21:21 +02:00 · 2025-05-14 12:21:21 +02:00 · a24fce3ae7
commit a24fce3ae7
parent 3aff272e14
14 changed files with 132 additions and 98 deletions
--- a/tests/wpt/meta/MANIFEST.json
+++ b/tests/wpt/meta/MANIFEST.json
@ -474524,7 +474524,7 @@
      []
     ],
     "reflection.js": [
-      "b2c3b30aae36b390a60c05b39901826ba71e0b1a",
+      "eeecd450fca8139e924affb298e7feb1a1fb46fb",
      []
     ],
     "render-blocking": {
--- a/tests/wpt/meta/content-security-policy/nonce-hiding/nonces.html.ini
+++ b/tests/wpt/meta/content-security-policy/nonce-hiding/nonces.html.ini
@ -1,24 +0,0 @@
-[nonces.html]
-  [Basic nonce tests for meh in HTML namespace]
-    expected: FAIL
-
-  [Basic nonce tests for div in HTML namespace]
-    expected: FAIL
-
-  [Basic nonce tests for script in HTML namespace]
-    expected: FAIL
-
-  [Basic nonce tests for meh in SVG namespace]
-    expected: FAIL
-
-  [Basic nonce tests for svg in SVG namespace]
-    expected: FAIL
-
-  [Basic nonce tests for script in SVG namespace]
-    expected: FAIL
-
-  [Basic nonce tests for style in HTML namespace]
-    expected: FAIL
-
-  [Basic nonce tests for link in HTML namespace]
-    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub.html.ini
@ -1,6 +1,3 @@
 [script-nonces-hidden-meta.sub.html]
-  [Writing 'nonce' IDL attribute.]
-    expected: FAIL
-
  [createElement.nonce.]
    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/nonce-hiding/script-nonces-hidden.html.ini
+++ b/tests/wpt/meta/content-security-policy/nonce-hiding/script-nonces-hidden.html.ini
@ -1,30 +1,3 @@
 [script-nonces-hidden.html]
-  [Reading 'nonce' content attribute and IDL attribute.]
-    expected: FAIL
-
-  [Cloned node retains nonce.]
-    expected: FAIL
-
-  [Cloned node retains nonce when inserted.]
-    expected: FAIL
-
-  [Writing 'nonce' IDL attribute.]
-    expected: FAIL
-
-  [Document-written script's nonce value.]
-    expected: FAIL
-
  [createElement.nonce.]
    expected: FAIL
-
-  [setAttribute('nonce') overwrites '.nonce' upon insertion.]
-    expected: FAIL
-
-  [createElement.setAttribute.]
-    expected: FAIL
-
-  [Custom elements expose the correct events.]
-    expected: FAIL
-
-  [Nonces don't leak via CSS side-channels.]
-    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub.html.ini
@ -2,9 +2,3 @@
  expected: TIMEOUT
  [Document-written script executes.]
    expected: NOTRUN
-
-  [createElement.nonce.]
-    expected: FAIL
-
-  [Writing 'nonce' IDL attribute.]
-    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/nonce-hiding/svgscript-nonces-hidden.html.ini
+++ b/tests/wpt/meta/content-security-policy/nonce-hiding/svgscript-nonces-hidden.html.ini
@ -1,22 +1,4 @@
 [svgscript-nonces-hidden.html]
  expected: TIMEOUT
-  [Reading 'nonce' content attribute and IDL attribute.]
-    expected: FAIL
-
-  [Cloned node retains nonce.]
-    expected: FAIL
-
-  [Cloned node retains nonce when inserted.]
-    expected: FAIL
-
  [Document-written script executes.]
    expected: NOTRUN
-
-  [createElement.nonce.]
-    expected: FAIL
-
-  [createElement.setAttribute.]
-    expected: FAIL
-
-  [Writing 'nonce' IDL attribute.]
-    expected: FAIL
--- a/tests/wpt/tests/html/dom/reflection.js
+++ b/tests/wpt/tests/html/dom/reflection.js
@ -967,6 +967,7 @@ ReflectionTests.reflects = function(data, idlName, idlObj, domName, domObj) {
                                               "previous value", "getAttribute()");
                ReflectionHarness.assertEquals(idlObj[idlName], previousIdl, "IDL get");
            } else {
+                var previousValue = domObj.getAttribute(domName);
                idlObj[idlName] = idlTests[i];
                if (data.type == "boolean") {
                    // Special case yay
@ -976,6 +977,11 @@ ReflectionTests.reflects = function(data, idlName, idlObj, domName, domObj) {
                    var expected = idlDomExpected[i] + "";
                    if (data.isNullable && idlDomExpected[i] === null) {
                        expected = null;
+                    } else if (idlName == "nonce") {
+                        // nonce doesn't reflect the value, as per /content-security-policy/nonce-hiding/
+                        // tests that confirm that retrieving the nonce value post IDL change does not
+                        // reflect back to the attribute (for security reasons)
+                        expected = previousValue;
                    }
                    ReflectionHarness.assertEquals(domObj.getAttribute(domName), expected,
                                                   "getAttribute()");