diff --git a/dom/html/HTMLLinkElement.h b/dom/html/HTMLLinkElement.h
index 3ee187856812..f1e9980bf1c7 100644
--- a/dom/html/HTMLLinkElement.h
+++ b/dom/html/HTMLLinkElement.h
@@ -107,6 +107,14 @@ public:
SetHTMLAttr(nsGkAtoms::rel, aRel, aRv);
}
nsDOMTokenList* RelList();
+ void GetNonce(nsAString& aNonce) const
+ {
+ GetHTMLAttr(nsGkAtoms::nonce, aNonce);
+ }
+ void SetNonce(const nsAString& aNonce, ErrorResult& aRv)
+ {
+ SetHTMLAttr(nsGkAtoms::nonce, aNonce, aRv);
+ }
// XPCOM GetMedia is fine.
void SetMedia(const nsAString& aMedia, ErrorResult& aRv)
{
diff --git a/dom/html/HTMLScriptElement.h b/dom/html/HTMLScriptElement.h
index 9ed05129a675..75260f689681 100644
--- a/dom/html/HTMLScriptElement.h
+++ b/dom/html/HTMLScriptElement.h
@@ -81,6 +81,14 @@ public:
{
SetOrRemoveNullableStringAttr(nsGkAtoms::crossorigin, aCrossOrigin, aError);
}
+ void GetNonce(nsAString& aNonce) const
+ {
+ GetHTMLAttr(nsGkAtoms::nonce, aNonce);
+ }
+ void SetNonce(const nsAString& aNonce, ErrorResult& aRv)
+ {
+ SetHTMLAttr(nsGkAtoms::nonce, aNonce, aRv);
+ }
void GetIntegrity(nsAString& aIntegrity)
{
GetHTMLAttr(nsGkAtoms::integrity, aIntegrity);
diff --git a/dom/html/HTMLStyleElement.h b/dom/html/HTMLStyleElement.h
index 15fd104cbe5d..ed52b820dcea 100644
--- a/dom/html/HTMLStyleElement.h
+++ b/dom/html/HTMLStyleElement.h
@@ -62,6 +62,14 @@ public:
bool Disabled();
void SetDisabled(bool aDisabled);
+ void GetNonce(nsAString& aNonce) const
+ {
+ GetHTMLAttr(nsGkAtoms::nonce, aNonce);
+ }
+ void SetNonce(const nsAString& aNonce, ErrorResult& aRv)
+ {
+ SetHTMLAttr(nsGkAtoms::nonce, aNonce, aRv);
+ }
void SetMedia(const nsAString& aMedia, ErrorResult& aError)
{
SetHTMLAttr(nsGkAtoms::media, aMedia, aError);
diff --git a/dom/webidl/HTMLLinkElement.webidl b/dom/webidl/HTMLLinkElement.webidl
index d6b5224e06d7..6232e09008c6 100644
--- a/dom/webidl/HTMLLinkElement.webidl
+++ b/dom/webidl/HTMLLinkElement.webidl
@@ -26,6 +26,8 @@ interface HTMLLinkElement : HTMLElement {
readonly attribute DOMTokenList relList;
[CEReactions, SetterThrows, Pure]
attribute DOMString media;
+ [CEReactions, SetterThrows, Pure]
+ attribute DOMString nonce;
[CEReactions, SetterThrows, Pure]
attribute DOMString hreflang;
[CEReactions, SetterThrows, Pure]
diff --git a/dom/webidl/HTMLScriptElement.webidl b/dom/webidl/HTMLScriptElement.webidl
index 286c0673d835..6b48a52443d6 100644
--- a/dom/webidl/HTMLScriptElement.webidl
+++ b/dom/webidl/HTMLScriptElement.webidl
@@ -26,6 +26,10 @@ interface HTMLScriptElement : HTMLElement {
attribute DOMString? crossOrigin;
[CEReactions, SetterThrows]
attribute DOMString text;
+ [CEReactions, SetterThrows, Pure]
+ attribute DOMString nonce;
+ [CEReactions, SetterThrows, Pure]
+ attribute DOMString integrity;
};
// http://www.whatwg.org/specs/web-apps/current-work/#other-elements,-attributes-and-apis
@@ -35,9 +39,3 @@ partial interface HTMLScriptElement {
[CEReactions, SetterThrows]
attribute DOMString htmlFor;
};
-
-// https://w3c.github.io/webappsec/specs/subresourceintegrity/#htmlscriptelement-1
-partial interface HTMLScriptElement {
- [CEReactions, SetterThrows]
- attribute DOMString integrity;
-};
diff --git a/dom/webidl/HTMLStyleElement.webidl b/dom/webidl/HTMLStyleElement.webidl
index 81d4ea0bd2c5..69d3a0d60075 100644
--- a/dom/webidl/HTMLStyleElement.webidl
+++ b/dom/webidl/HTMLStyleElement.webidl
@@ -15,6 +15,8 @@ interface HTMLStyleElement : HTMLElement {
[CEReactions, SetterThrows, Pure]
attribute DOMString media;
[CEReactions, SetterThrows, Pure]
+ attribute DOMString nonce;
+ [CEReactions, SetterThrows, Pure]
attribute DOMString type;
[SetterThrows, Pure, Pref="layout.css.scoped-style.enabled"]
attribute boolean scoped;
diff --git a/testing/web-platform/meta/content-security-policy/nonce-hiding/script-nonces-hidden-meta.tentative.html.ini b/testing/web-platform/meta/content-security-policy/nonce-hiding/script-nonces-hidden-meta.tentative.html.ini
index b9c46f2f5080..7f36013b17f5 100644
--- a/testing/web-platform/meta/content-security-policy/nonce-hiding/script-nonces-hidden-meta.tentative.html.ini
+++ b/testing/web-platform/meta/content-security-policy/nonce-hiding/script-nonces-hidden-meta.tentative.html.ini
@@ -1,29 +1,8 @@
[script-nonces-hidden-meta.tentative.html]
type: testharness
- [Reading 'nonce' content attribute and IDL attribute.]
- expected: FAIL
-
- [Cloned node retains nonce.]
- expected: FAIL
-
- [Cloned node retains nonce when inserted.]
- expected: FAIL
-
- [Writing 'nonce' content attribute.]
- expected: FAIL
-
- [Document-written script's nonce value.]
- expected: FAIL
-
[createElement.nonce.]
expected: FAIL
- [setAttribute('nonce') overwrites '.nonce' upon insertion.]
- expected: FAIL
-
- [createElement.setAttribute.]
- expected: FAIL
-
[Nonces leak via CSS side-channels.]
expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/nonce-hiding/script-nonces-hidden.tentative.html.ini b/testing/web-platform/meta/content-security-policy/nonce-hiding/script-nonces-hidden.tentative.html.ini
index 9691fe9c85da..5cad10f74ce1 100644
--- a/testing/web-platform/meta/content-security-policy/nonce-hiding/script-nonces-hidden.tentative.html.ini
+++ b/testing/web-platform/meta/content-security-policy/nonce-hiding/script-nonces-hidden.tentative.html.ini
@@ -9,9 +9,6 @@
[Cloned node retains nonce when inserted.]
expected: FAIL
- [Writing 'nonce' content attribute.]
- expected: FAIL
-
[Document-written script's nonce value.]
expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.tentative.html.ini b/testing/web-platform/meta/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.tentative.html.ini
index aaec89240046..df0bedb2205f 100644
--- a/testing/web-platform/meta/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.tentative.html.ini
+++ b/testing/web-platform/meta/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.tentative.html.ini
@@ -15,9 +15,6 @@
[Document-written script's nonce value.]
expected: FAIL
- [createElement.setAttribute.]
- expected: FAIL
-
[Nonces don't leak via CSS side-channels.]
expected: FAIL
diff --git a/testing/web-platform/meta/html/dom/interfaces.html.ini b/testing/web-platform/meta/html/dom/interfaces.html.ini
index b933a90a06e3..913f8f18b013 100644
--- a/testing/web-platform/meta/html/dom/interfaces.html.ini
+++ b/testing/web-platform/meta/html/dom/interfaces.html.ini
@@ -2677,12 +2677,6 @@
[HTMLElement interface: document.createElement("noscript") must inherit property "onmousewheel" with the proper type (58)]
expected: FAIL
- [HTMLStyleElement interface: attribute nonce]
- expected: FAIL
-
- [HTMLStyleElement interface: document.createElement("style") must inherit property "nonce" with the proper type (1)]
- expected: FAIL
-
[HTMLMediaElement interface: document.createElement("video") must inherit property "audioTracks" with the proper type (38)]
expected: FAIL
@@ -3001,12 +2995,6 @@
[HTMLElement interface: document.createElement("noscript") must inherit property "onmousewheel" with the proper type (59)]
expected: FAIL
- [HTMLLinkElement interface: attribute nonce]
- expected: FAIL
-
- [HTMLLinkElement interface: document.createElement("link") must inherit property "nonce" with the proper type (5)]
- expected: FAIL
-
[HTMLIFrameElement interface: attribute allowUserMedia]
expected: FAIL
@@ -3256,15 +3244,9 @@
[HTMLScriptElement interface: attribute noModule]
expected: FAIL
- [HTMLScriptElement interface: attribute nonce]
- expected: FAIL
-
[HTMLScriptElement interface: document.createElement("script") must inherit property "noModule" with the proper type (2)]
expected: FAIL
- [HTMLScriptElement interface: document.createElement("script") must inherit property "nonce" with the proper type (8)]
- expected: FAIL
-
[HTMLElement interface: document.createElement("noscript") must inherit property "forceSpellCheck" with the proper type (15)]
expected: FAIL
@@ -3289,9 +3271,6 @@
[Document interface: document.implementation.createDocument(null, "", null) must inherit property "styleSheets" with the proper type (29)]
expected: FAIL
- [HTMLLinkElement interface: document.createElement("link") must inherit property "nonce" with the proper type (6)]
- expected: FAIL
-
[HTMLBodyElement interface: attribute onmessageerror]
expected: FAIL
diff --git a/testing/web-platform/meta/html/dom/reflection-metadata.html.ini b/testing/web-platform/meta/html/dom/reflection-metadata.html.ini
index 40c1b1f2af73..44d1daf8bc70 100644
--- a/testing/web-platform/meta/html/dom/reflection-metadata.html.ini
+++ b/testing/web-platform/meta/html/dom/reflection-metadata.html.ini
@@ -36,102 +36,6 @@
[style.tabIndex: setAttribute() to object "3" followed by IDL get]
expected: FAIL
- [link.nonce: typeof IDL attribute]
- expected: FAIL
-
- [link.nonce: IDL get with DOM attribute unset]
- expected: FAIL
-
- [link.nonce: setAttribute() to ""]
- expected: FAIL
-
- [link.nonce: setAttribute() to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
- expected: FAIL
-
- [link.nonce: setAttribute() to undefined]
- expected: FAIL
-
- [link.nonce: setAttribute() to 7]
- expected: FAIL
-
- [link.nonce: setAttribute() to 1.5]
- expected: FAIL
-
- [link.nonce: setAttribute() to true]
- expected: FAIL
-
- [link.nonce: setAttribute() to false]
- expected: FAIL
-
- [link.nonce: setAttribute() to object "[object Object\]"]
- expected: FAIL
-
- [link.nonce: setAttribute() to NaN]
- expected: FAIL
-
- [link.nonce: setAttribute() to Infinity]
- expected: FAIL
-
- [link.nonce: setAttribute() to -Infinity]
- expected: FAIL
-
- [link.nonce: setAttribute() to "\\0"]
- expected: FAIL
-
- [link.nonce: setAttribute() to null]
- expected: FAIL
-
- [link.nonce: setAttribute() to object "test-toString"]
- expected: FAIL
-
- [link.nonce: setAttribute() to object "test-valueOf"]
- expected: FAIL
-
- [link.nonce: IDL set to ""]
- expected: FAIL
-
- [link.nonce: IDL set to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
- expected: FAIL
-
- [link.nonce: IDL set to undefined]
- expected: FAIL
-
- [link.nonce: IDL set to 7]
- expected: FAIL
-
- [link.nonce: IDL set to 1.5]
- expected: FAIL
-
- [link.nonce: IDL set to true]
- expected: FAIL
-
- [link.nonce: IDL set to false]
- expected: FAIL
-
- [link.nonce: IDL set to object "[object Object\]"]
- expected: FAIL
-
- [link.nonce: IDL set to NaN]
- expected: FAIL
-
- [link.nonce: IDL set to Infinity]
- expected: FAIL
-
- [link.nonce: IDL set to -Infinity]
- expected: FAIL
-
- [link.nonce: IDL set to "\\0"]
- expected: FAIL
-
- [link.nonce: IDL set to null]
- expected: FAIL
-
- [link.nonce: IDL set to object "test-toString"]
- expected: FAIL
-
- [link.nonce: IDL set to object "test-valueOf"]
- expected: FAIL
-
[link.as: setAttribute() to "document"]
expected: FAIL
diff --git a/testing/web-platform/meta/html/dom/reflection-misc.html.ini b/testing/web-platform/meta/html/dom/reflection-misc.html.ini
index fab67021a1c5..7ab1ae444d9f 100644
--- a/testing/web-platform/meta/html/dom/reflection-misc.html.ini
+++ b/testing/web-platform/meta/html/dom/reflection-misc.html.ini
@@ -604,102 +604,6 @@
[menuitem.default: IDL set to object "test-valueOf"]
expected: FAIL
- [script.nonce: typeof IDL attribute]
- expected: FAIL
-
- [script.nonce: IDL get with DOM attribute unset]
- expected: FAIL
-
- [script.nonce: setAttribute() to ""]
- expected: FAIL
-
- [script.nonce: setAttribute() to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
- expected: FAIL
-
- [script.nonce: setAttribute() to undefined]
- expected: FAIL
-
- [script.nonce: setAttribute() to 7]
- expected: FAIL
-
- [script.nonce: setAttribute() to 1.5]
- expected: FAIL
-
- [script.nonce: setAttribute() to true]
- expected: FAIL
-
- [script.nonce: setAttribute() to false]
- expected: FAIL
-
- [script.nonce: setAttribute() to object "[object Object\]"]
- expected: FAIL
-
- [script.nonce: setAttribute() to NaN]
- expected: FAIL
-
- [script.nonce: setAttribute() to Infinity]
- expected: FAIL
-
- [script.nonce: setAttribute() to -Infinity]
- expected: FAIL
-
- [script.nonce: setAttribute() to "\\0"]
- expected: FAIL
-
- [script.nonce: setAttribute() to null]
- expected: FAIL
-
- [script.nonce: setAttribute() to object "test-toString"]
- expected: FAIL
-
- [script.nonce: setAttribute() to object "test-valueOf"]
- expected: FAIL
-
- [script.nonce: IDL set to ""]
- expected: FAIL
-
- [script.nonce: IDL set to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
- expected: FAIL
-
- [script.nonce: IDL set to undefined]
- expected: FAIL
-
- [script.nonce: IDL set to 7]
- expected: FAIL
-
- [script.nonce: IDL set to 1.5]
- expected: FAIL
-
- [script.nonce: IDL set to true]
- expected: FAIL
-
- [script.nonce: IDL set to false]
- expected: FAIL
-
- [script.nonce: IDL set to object "[object Object\]"]
- expected: FAIL
-
- [script.nonce: IDL set to NaN]
- expected: FAIL
-
- [script.nonce: IDL set to Infinity]
- expected: FAIL
-
- [script.nonce: IDL set to -Infinity]
- expected: FAIL
-
- [script.nonce: IDL set to "\\0"]
- expected: FAIL
-
- [script.nonce: IDL set to null]
- expected: FAIL
-
- [script.nonce: IDL set to object "test-toString"]
- expected: FAIL
-
- [script.nonce: IDL set to object "test-valueOf"]
- expected: FAIL
-
[script.noModule: typeof IDL attribute]
expected: FAIL
diff --git a/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.tentative.html b/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.tentative.html
index 7209ea78125d..ec9a9347255b 100644
--- a/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.tentative.html
+++ b/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.tentative.html
@@ -53,7 +53,7 @@
test(t => {
script.nonce = 'bar';
assert_equals(script.nonce, 'bar');
- assert_equals(script.getAttribute('nonce'), 'foo');
+ assert_equals(script.getAttribute('nonce'), 'bar');
}, "Writing 'nonce' IDL attribute.");
// Fragment parser.
diff --git a/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden.tentative.html b/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden.tentative.html
index 763e48dddfb6..1d74074a79f3 100644
--- a/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden.tentative.html
+++ b/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden.tentative.html
@@ -54,7 +54,7 @@
test(t => {
script.nonce = 'bar';
assert_equals(script.nonce, 'bar');
- assert_equals(script.getAttribute('nonce'), 'foo');
+ assert_equals(script.getAttribute('nonce'), 'bar');
}, "Writing 'nonce' IDL attribute.");
// Fragment parser.
diff --git a/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.tentative.html b/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.tentative.html
index a283869c18e1..3591e615d05b 100644
--- a/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.tentative.html
+++ b/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.tentative.html
@@ -52,7 +52,7 @@
assert_equals(script.nonce, 'abc');
}, "Writing 'nonce' content attribute.");
- // Set the IDL attribute to 'bar'
+ // Set the IDL attribute to 'bar' (doesn't work on SVGScriptElement)
test(t => {
script.nonce = 'bar';
assert_equals(script.nonce, 'bar');
diff --git a/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden.tentative.html b/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden.tentative.html
index 8c0e58b1d1d2..9b27e79c16d4 100644
--- a/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden.tentative.html
+++ b/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden.tentative.html
@@ -73,7 +73,8 @@
// Create node.
test(t => {
var s = document.createElement('svg');
- var innerScript = document.createElement('script');
+ var innerScript = document.createElementNS('http://www.w3.org/2000/svg',
+ 'script');
innerScript.innerText = script.innerText;
innerScript.nonce = 'abc';
s.appendChild(innerScript);
diff --git a/testing/web-platform/tests/html/dom/elements-metadata.js b/testing/web-platform/tests/html/dom/elements-metadata.js
index f3b32f79389c..9ec107548eee 100644
--- a/testing/web-platform/tests/html/dom/elements-metadata.js
+++ b/testing/web-platform/tests/html/dom/elements-metadata.js
@@ -55,6 +55,7 @@ var metadataElements = {
},
style: {
media: "string",
+ nonce: "string",
type: "string",
},
};