Changeset 285478 in webkit

Timestamp:

Nov 8, 2021, 6:26:15 PM (4 years ago)

Author:

Patrick Griffis

Message:

Implement nonce-hiding
​https://bugs.webkit.org/show_bug.cgi?id=179728

Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

Update all nonce-hiding expectations as passing.
Update reflection-misc as script.nonce not being reflected, this matches Chromiums results.

• web-platform-tests/content-security-policy/nonce-hiding/nonces-expected.txt:
• web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-expected.txt:
• web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub-expected.txt:
• web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt:
• web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt:
• web-platform-tests/html/dom/idlharness.https-expected.txt:
• web-platform-tests/html/dom/reflection-misc-expected.txt:

Source/WebCore:

This is a hardening technique implemented by both Firefox and Chromium.

The behavior is documented here: ​https://html.spec.whatwg.org/multipage/urls-and-fetching.html#nonce-attributes

• dom/Element.cpp:

(WebCore::Element::nonce const):
(WebCore::Element::setNonce):
(WebCore::Element::hideNonce):
(WebCore::Element::attributeChanged):
(WebCore::Element::cloneAttributesFromElement):

• dom/Element.h:
• dom/ElementRareData.cpp:
• dom/ElementRareData.h:

(WebCore::ElementRareData::nonce const):
(WebCore::ElementRareData::setNonce):
(WebCore::ElementRareData::useTypes const):

• dom/InlineClassicScript.cpp:

(WebCore::InlineClassicScript::create):

• dom/InlineStyleSheetOwner.cpp:

(WebCore::InlineStyleSheetOwner::createSheet):

• dom/NodeRareData.h:
• dom/ScriptElement.cpp:

(WebCore::ScriptElement::requestClassicScript):
(WebCore::ScriptElement::requestModuleScript):
(WebCore::ScriptElement::executeClassicScript):

• html/HTMLElement.cpp:

(WebCore::HTMLElement::insertedIntoAncestor):

• html/HTMLElement.h:
• html/HTMLOrForeignElement.idl:
• html/HTMLScriptElement.idl:
• page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::didReceiveHeader):

• page/csp/ContentSecurityPolicy.h:

(WebCore::ContentSecurityPolicy::isHeaderDelivered const):

• svg/SVGElement.cpp:

(WebCore::SVGElement::insertedIntoAncestor):

LayoutTests:

Update expectations for nonce IDL as PASSing.

• platform/gtk/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
• platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
• platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt:
• platform/ipad/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
• platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
• platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
• platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt:
• platform/wpe/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/nonces-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (modified) (3 diffs)
• LayoutTests/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt (modified) (1 diff)
• LayoutTests/platform/gtk/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (modified) (3 diffs)
• LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (modified) (3 diffs)
• LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt (modified) (1 diff)
• LayoutTests/platform/ipad/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (modified) (3 diffs)
• LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (modified) (3 diffs)
• LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (modified) (3 diffs)
• LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt (modified) (1 diff)
• LayoutTests/platform/wpe/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (modified) (3 diffs)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/dom/Element.cpp (modified) (3 diffs)
• Source/WebCore/dom/Element.h (modified) (1 diff)
• Source/WebCore/dom/ElementRareData.cpp (modified) (1 diff)
• Source/WebCore/dom/ElementRareData.h (modified) (3 diffs)
• Source/WebCore/dom/InlineClassicScript.cpp (modified) (1 diff)
• Source/WebCore/dom/InlineStyleSheetOwner.cpp (modified) (1 diff)
• Source/WebCore/dom/NodeRareData.h (modified) (1 diff)
• Source/WebCore/dom/ScriptElement.cpp (modified) (4 diffs)
• Source/WebCore/html/HTMLElement.cpp (modified) (1 diff)
• Source/WebCore/html/HTMLElement.h (modified) (1 diff)
• Source/WebCore/html/HTMLOrForeignElement.idl (modified) (1 diff)
• Source/WebCore/html/HTMLScriptElement.idl (modified) (1 diff)
• Source/WebCore/page/csp/ContentSecurityPolicy.cpp (modified) (1 diff)
• Source/WebCore/page/csp/ContentSecurityPolicy.h (modified) (2 diffs)
• Source/WebCore/svg/SVGElement.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2021-11-08  Patrick Griffis  <pgriffis@igalia.com>
+
+        Implement nonce-hiding
+        https://bugs.webkit.org/show_bug.cgi?id=179728
+
+        Reviewed by Chris Dumez.
+
+        Update expectations for nonce IDL as PASSing.
+
+        * platform/gtk/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
+        * platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
+        * platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt:
+        * platform/ipad/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
+        * platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
+        * platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
+        * platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt:
+        * platform/wpe/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
+
 2021-11-08  Chris Dumez  <cdumez@apple.com>
 

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2021-11-08  Patrick Griffis  <pgriffis@igalia.com>
+
+        Implement nonce-hiding
+        https://bugs.webkit.org/show_bug.cgi?id=179728
+
+        Reviewed by Chris Dumez.
+
+        Update all nonce-hiding expectations as passing.
+        Update reflection-misc as script.nonce not being reflected, this matches Chromiums results.
+
+        * web-platform-tests/content-security-policy/nonce-hiding/nonces-expected.txt:
+        * web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-expected.txt:
+        * web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub-expected.txt:
+        * web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt:
+        * web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt:
+        * web-platform-tests/html/dom/idlharness.https-expected.txt:
+        * web-platform-tests/html/dom/reflection-misc-expected.txt:
+
 2021-11-08  Chris Dumez  <cdumez@apple.com>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/nonces-expected.txt

@@ -1 +1 @@
 
-FAIL Basic nonce tests for meh in HTML namespace assert_equals: Initial IDL attribute value expected (string) "" but got (undefined) undefined
-FAIL Ensure that removal of content attribute does not affect IDL attribute for meh in HTML namespace assert_equals: IDL attribute is modified after content attribute set expected (string) "x" but got (undefined) undefined
-FAIL Test empty nonces for meh in HTML namespace assert_equals: expected (string) "" but got (undefined) undefined
-FAIL Basic nonce tests for div in HTML namespace assert_equals: Initial IDL attribute value expected (string) "" but got (undefined) undefined
-FAIL Ensure that removal of content attribute does not affect IDL attribute for div in HTML namespace assert_equals: IDL attribute is modified after content attribute set expected (string) "x" but got (undefined) undefined
-FAIL Test empty nonces for div in HTML namespace assert_equals: expected (string) "" but got (undefined) undefined
-FAIL Basic nonce tests for script in HTML namespace assert_equals: Content attribute is changed after element insertion expected "" but got "x"
+PASS Basic nonce tests for meh in HTML namespace
+PASS Ensure that removal of content attribute does not affect IDL attribute for meh in HTML namespace
+PASS Test empty nonces for meh in HTML namespace
+PASS Basic nonce tests for div in HTML namespace
+PASS Ensure that removal of content attribute does not affect IDL attribute for div in HTML namespace
+PASS Test empty nonces for div in HTML namespace
+PASS Basic nonce tests for script in HTML namespace
 PASS Ensure that removal of content attribute does not affect IDL attribute for script in HTML namespace
 PASS Test empty nonces for script in HTML namespace
-FAIL Basic nonce tests for meh in SVG namespace assert_equals: Initial IDL attribute value expected (string) "" but got (undefined) undefined
-FAIL Ensure that removal of content attribute does not affect IDL attribute for meh in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected (string) "x" but got (undefined) undefined
-FAIL Test empty nonces for meh in SVG namespace assert_equals: expected (string) "" but got (undefined) undefined
-FAIL Basic nonce tests for svg in SVG namespace assert_equals: Initial IDL attribute value expected (string) "" but got (undefined) undefined
-FAIL Ensure that removal of content attribute does not affect IDL attribute for svg in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected (string) "x" but got (undefined) undefined
-FAIL Test empty nonces for svg in SVG namespace assert_equals: expected (string) "" but got (undefined) undefined
-FAIL Basic nonce tests for script in SVG namespace assert_equals: Initial IDL attribute value expected (string) "" but got (undefined) undefined
-FAIL Ensure that removal of content attribute does not affect IDL attribute for script in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected (string) "x" but got (undefined) undefined
-FAIL Test empty nonces for script in SVG namespace assert_equals: expected (string) "" but got (undefined) undefined
+PASS Basic nonce tests for meh in SVG namespace
+PASS Ensure that removal of content attribute does not affect IDL attribute for meh in SVG namespace
+PASS Test empty nonces for meh in SVG namespace
+PASS Basic nonce tests for svg in SVG namespace
+PASS Ensure that removal of content attribute does not affect IDL attribute for svg in SVG namespace
+PASS Test empty nonces for svg in SVG namespace
+PASS Basic nonce tests for script in SVG namespace
+PASS Ensure that removal of content attribute does not affect IDL attribute for script in SVG namespace
+PASS Test empty nonces for script in SVG namespace
 

trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-expected.txt

@@ -1 +1 @@
 
-FAIL Reading 'nonce' content attribute and IDL attribute. assert_equals: expected Element node <script nonce="abc" id="testScript" executed="yay">
-  doc... but got null
-FAIL Cloned node retains nonce. assert_equals: expected "" but got "abc"
-FAIL Cloned node retains nonce when inserted. assert_equals: expected "" but got "abc"
+PASS Reading 'nonce' content attribute and IDL attribute.
+PASS Cloned node retains nonce.
+PASS Cloned node retains nonce when inserted.
 PASS Writing 'nonce' content attribute.
-FAIL Writing 'nonce' IDL attribute. assert_equals: expected "foo" but got "bar"
+PASS Writing 'nonce' IDL attribute.
 PASS Document-written script executes.
-FAIL Document-written script's nonce value. assert_equals: expected "" but got "abc"
-FAIL createElement.nonce. assert_equals: expected (object) null but got (string) "abc"
-FAIL setAttribute('nonce') overwrites '.nonce' upon insertion. assert_equals: expected "" but got "abc"
-FAIL createElement.setAttribute. assert_equals: Post-insertion content expected "" but got "abc"
-FAIL Custom elements expose the correct events. assert_object_equals: AttributeChanged 2 value is undefined, expected object
-FAIL Nonces don't leak via CSS side-channels. assert_equals: expected "none" but got "url(\"http://localhost:8800/security/resources/abe.png\")"
+PASS Document-written script's nonce value.
+PASS createElement.nonce.
+PASS setAttribute('nonce') overwrites '.nonce' upon insertion.
+PASS createElement.setAttribute.
+PASS Custom elements expose the correct events.
+PASS Nonces don't leak via CSS side-channels.
 

trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub-expected.txt

@@ -4 +4 @@
 PASS Cloned node retains nonce when inserted.
 PASS Writing 'nonce' content attribute.
-FAIL Writing 'nonce' IDL attribute. assert_equals: expected "foo" but got "bar"
+PASS Writing 'nonce' IDL attribute.
 PASS Document-written script executes.
 PASS Document-written script's nonce value.
-FAIL createElement.nonce. assert_equals: expected (object) null but got (string) "abc"
+PASS createElement.nonce.
 PASS setAttribute('nonce') overwrites '.nonce' upon insertion.
 PASS createElement.setAttribute.

trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt

@@ -1 +1 @@
 
 
-FAIL Reading 'nonce' content attribute and IDL attribute. assert_equals: expected Element node <script nonce="abc" id="testScript" executed="yay">
-    d... but got null
-FAIL Cloned node retains nonce. assert_equals: IDL attribute expected (string) "abc" but got (undefined) undefined
-FAIL Cloned node retains nonce when inserted. assert_equals: expected (string) "abc" but got (undefined) undefined
-FAIL Writing 'nonce' content attribute. assert_equals: expected (string) "foo" but got (undefined) undefined
+PASS Reading 'nonce' content attribute and IDL attribute.
+PASS Cloned node retains nonce.
+PASS Cloned node retains nonce when inserted.
+PASS Writing 'nonce' content attribute.
 PASS Writing 'nonce' IDL attribute.
 PASS Document-written script executes.
-FAIL Document-written script's nonce value. assert_equals: expected "" but got "abc"
-FAIL createElement.nonce. assert_equals: expected (object) null but got (string) "abc"
-FAIL createElement.setAttribute. assert_equals: Post-insertion content expected "" but got "abc"
+PASS Document-written script's nonce value.
+PASS createElement.nonce.
+PASS createElement.setAttribute.
 

trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt

@@ -1 +1 @@
  undefined
 
-FAIL Reading 'nonce' content attribute and IDL attribute. assert_equals: expected (string) "abc" but got (undefined) undefined
-FAIL Cloned node retains nonce. assert_equals: IDL attribute expected (string) "abc" but got (undefined) undefined
-FAIL Cloned node retains nonce when inserted. assert_equals: expected (string) "abc" but got (undefined) undefined
-FAIL Writing 'nonce' content attribute. assert_equals: expected (string) "foo" but got (undefined) undefined
+PASS Reading 'nonce' content attribute and IDL attribute.
+PASS Cloned node retains nonce.
+PASS Cloned node retains nonce when inserted.
+PASS Writing 'nonce' content attribute.
 PASS Writing 'nonce' IDL attribute.
 PASS Document-written script executes.
-FAIL Document-written script's nonce value. assert_equals: expected (string) "abc" but got (undefined) undefined
+PASS Document-written script's nonce value.
 PASS createElement.nonce.
 PASS createElement.setAttribute.

trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt

@@ -197 +197 @@
 PASS HTMLElement interface: attribute inputMode
 PASS HTMLElement interface: attribute dataset
-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS HTMLElement interface: attribute nonce
 FAIL HTMLElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
 PASS HTMLElement interface: attribute tabIndex
@@ -287 +287 @@
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
 FAIL HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type assert_inherits: property "autofocus" not found in prototype chain
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
@@ -5097 +5097 @@
 PASS SVGElement interface: attribute onpaste
 PASS SVGElement interface: attribute dataset
-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS SVGElement interface: attribute nonce
 FAIL SVGElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
 PASS SVGElement interface: attribute tabIndex

trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt

@@ -968 +968 @@
 PASS script.nonce: setAttribute() to object "test-toString"
 PASS script.nonce: setAttribute() to object "test-valueOf"
-PASS script.nonce: IDL set to ""
-PASS script.nonce: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo "
-PASS script.nonce: IDL set to undefined
-PASS script.nonce: IDL set to 7
-PASS script.nonce: IDL set to 1.5
-PASS script.nonce: IDL set to "5%"
-PASS script.nonce: IDL set to "+100"
-PASS script.nonce: IDL set to ".5"
-PASS script.nonce: IDL set to true
-PASS script.nonce: IDL set to false
-PASS script.nonce: IDL set to object "[object Object]"
-PASS script.nonce: IDL set to NaN
-PASS script.nonce: IDL set to Infinity
-PASS script.nonce: IDL set to -Infinity
-PASS script.nonce: IDL set to "\0"
-PASS script.nonce: IDL set to null
-PASS script.nonce: IDL set to object "test-toString"
+FAIL script.nonce: IDL set to "" assert_equals: getAttribute() expected "" but got "test-valueOf"
+FAIL script.nonce: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo " assert_equals: getAttribute() expected " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo " but got "test-valueOf"
+FAIL script.nonce: IDL set to undefined assert_equals: getAttribute() expected "undefined" but got "test-valueOf"
+FAIL script.nonce: IDL set to 7 assert_equals: getAttribute() expected "7" but got "test-valueOf"
+FAIL script.nonce: IDL set to 1.5 assert_equals: getAttribute() expected "1.5" but got "test-valueOf"
+FAIL script.nonce: IDL set to "5%" assert_equals: getAttribute() expected "5%" but got "test-valueOf"
+FAIL script.nonce: IDL set to "+100" assert_equals: getAttribute() expected "+100" but got "test-valueOf"
+FAIL script.nonce: IDL set to ".5" assert_equals: getAttribute() expected ".5" but got "test-valueOf"
+FAIL script.nonce: IDL set to true assert_equals: getAttribute() expected "true" but got "test-valueOf"
+FAIL script.nonce: IDL set to false assert_equals: getAttribute() expected "false" but got "test-valueOf"
+FAIL script.nonce: IDL set to object "[object Object]" assert_equals: getAttribute() expected "[object Object]" but got "test-valueOf"
+FAIL script.nonce: IDL set to NaN assert_equals: getAttribute() expected "NaN" but got "test-valueOf"
+FAIL script.nonce: IDL set to Infinity assert_equals: getAttribute() expected "Infinity" but got "test-valueOf"
+FAIL script.nonce: IDL set to -Infinity assert_equals: getAttribute() expected "-Infinity" but got "test-valueOf"
+FAIL script.nonce: IDL set to "\0" assert_equals: getAttribute() expected "\0" but got "test-valueOf"
+FAIL script.nonce: IDL set to null assert_equals: getAttribute() expected "null" but got "test-valueOf"
+FAIL script.nonce: IDL set to object "test-toString" assert_equals: getAttribute() expected "test-toString" but got "test-valueOf"
 PASS script.nonce: IDL set to object "test-valueOf"
 PASS script.integrity: typeof IDL attribute

trunk/LayoutTests/platform/gtk/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt

@@ -335 +335 @@
 PASS HTMLElement interface: attribute inputMode
 PASS HTMLElement interface: attribute dataset
-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS HTMLElement interface: attribute nonce
 PASS HTMLElement interface: attribute autofocus
 PASS HTMLElement interface: attribute tabIndex
@@ -430 +430 @@
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
@@ -5336 +5336 @@
 PASS SVGElement interface: attribute onpaste
 PASS SVGElement interface: attribute dataset
-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS SVGElement interface: attribute nonce
 PASS SVGElement interface: attribute autofocus
 PASS SVGElement interface: attribute tabIndex

trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt

@@ -335 +335 @@
 PASS HTMLElement interface: attribute inputMode
 PASS HTMLElement interface: attribute dataset
-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS HTMLElement interface: attribute nonce
 FAIL HTMLElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
 PASS HTMLElement interface: attribute tabIndex
@@ -430 +430 @@
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
 FAIL HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type assert_inherits: property "autofocus" not found in prototype chain
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
@@ -5326 +5326 @@
 PASS SVGElement interface: attribute onpaste
 PASS SVGElement interface: attribute dataset
-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS SVGElement interface: attribute nonce
 FAIL SVGElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
 PASS SVGElement interface: attribute tabIndex

trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt

@@ -968 +968 @@
 PASS script.nonce: setAttribute() to object "test-toString"
 PASS script.nonce: setAttribute() to object "test-valueOf"
-PASS script.nonce: IDL set to ""
-PASS script.nonce: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo "
-PASS script.nonce: IDL set to undefined
-PASS script.nonce: IDL set to 7
-PASS script.nonce: IDL set to 1.5
-PASS script.nonce: IDL set to "5%"
-PASS script.nonce: IDL set to "+100"
-PASS script.nonce: IDL set to ".5"
-PASS script.nonce: IDL set to true
-PASS script.nonce: IDL set to false
-PASS script.nonce: IDL set to object "[object Object]"
-PASS script.nonce: IDL set to NaN
-PASS script.nonce: IDL set to Infinity
-PASS script.nonce: IDL set to -Infinity
-PASS script.nonce: IDL set to "\0"
-PASS script.nonce: IDL set to null
-PASS script.nonce: IDL set to object "test-toString"
+FAIL script.nonce: IDL set to "" assert_equals: getAttribute() expected "" but got "test-valueOf"
+FAIL script.nonce: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo " assert_equals: getAttribute() expected " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo " but got "test-valueOf"
+FAIL script.nonce: IDL set to undefined assert_equals: getAttribute() expected "undefined" but got "test-valueOf"
+FAIL script.nonce: IDL set to 7 assert_equals: getAttribute() expected "7" but got "test-valueOf"
+FAIL script.nonce: IDL set to 1.5 assert_equals: getAttribute() expected "1.5" but got "test-valueOf"
+FAIL script.nonce: IDL set to "5%" assert_equals: getAttribute() expected "5%" but got "test-valueOf"
+FAIL script.nonce: IDL set to "+100" assert_equals: getAttribute() expected "+100" but got "test-valueOf"
+FAIL script.nonce: IDL set to ".5" assert_equals: getAttribute() expected ".5" but got "test-valueOf"
+FAIL script.nonce: IDL set to true assert_equals: getAttribute() expected "true" but got "test-valueOf"
+FAIL script.nonce: IDL set to false assert_equals: getAttribute() expected "false" but got "test-valueOf"
+FAIL script.nonce: IDL set to object "[object Object]" assert_equals: getAttribute() expected "[object Object]" but got "test-valueOf"
+FAIL script.nonce: IDL set to NaN assert_equals: getAttribute() expected "NaN" but got "test-valueOf"
+FAIL script.nonce: IDL set to Infinity assert_equals: getAttribute() expected "Infinity" but got "test-valueOf"
+FAIL script.nonce: IDL set to -Infinity assert_equals: getAttribute() expected "-Infinity" but got "test-valueOf"
+FAIL script.nonce: IDL set to "\0" assert_equals: getAttribute() expected "\0" but got "test-valueOf"
+FAIL script.nonce: IDL set to null assert_equals: getAttribute() expected "null" but got "test-valueOf"
+FAIL script.nonce: IDL set to object "test-toString" assert_equals: getAttribute() expected "test-toString" but got "test-valueOf"
 PASS script.nonce: IDL set to object "test-valueOf"
 PASS script.integrity: typeof IDL attribute

trunk/LayoutTests/platform/ipad/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt

@@ -335 +335 @@
 PASS HTMLElement interface: attribute inputMode
 PASS HTMLElement interface: attribute dataset
-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS HTMLElement interface: attribute nonce
 FAIL HTMLElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
 PASS HTMLElement interface: attribute tabIndex
@@ -430 +430 @@
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
 FAIL HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type assert_inherits: property "autofocus" not found in prototype chain
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
@@ -5336 +5336 @@
 PASS SVGElement interface: attribute onpaste
 PASS SVGElement interface: attribute dataset
-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS SVGElement interface: attribute nonce
 FAIL SVGElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
 PASS SVGElement interface: attribute tabIndex

trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt

@@ -337 +337 @@
 PASS HTMLElement interface: attribute inputMode
 PASS HTMLElement interface: attribute dataset
-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS HTMLElement interface: attribute nonce
 PASS HTMLElement interface: attribute autofocus
 PASS HTMLElement interface: attribute tabIndex
@@ -434 +434 @@
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
@@ -5373 +5373 @@
 PASS SVGElement interface: attribute onpaste
 PASS SVGElement interface: attribute dataset
-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS SVGElement interface: attribute nonce
 PASS SVGElement interface: attribute autofocus
 PASS SVGElement interface: attribute tabIndex

trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt

@@ -335 +335 @@
 PASS HTMLElement interface: attribute inputMode
 PASS HTMLElement interface: attribute dataset
-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS HTMLElement interface: attribute nonce
 PASS HTMLElement interface: attribute autofocus
 PASS HTMLElement interface: attribute tabIndex
@@ -430 +430 @@
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
@@ -5336 +5336 @@
 PASS SVGElement interface: attribute onpaste
 PASS SVGElement interface: attribute dataset
-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS SVGElement interface: attribute nonce
 PASS SVGElement interface: attribute autofocus
 PASS SVGElement interface: attribute tabIndex

trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt

@@ -968 +968 @@
 PASS script.nonce: setAttribute() to object "test-toString"
 PASS script.nonce: setAttribute() to object "test-valueOf"
-PASS script.nonce: IDL set to ""
-PASS script.nonce: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo "
-PASS script.nonce: IDL set to undefined
-PASS script.nonce: IDL set to 7
-PASS script.nonce: IDL set to 1.5
-PASS script.nonce: IDL set to "5%"
-PASS script.nonce: IDL set to "+100"
-PASS script.nonce: IDL set to ".5"
-PASS script.nonce: IDL set to true
-PASS script.nonce: IDL set to false
-PASS script.nonce: IDL set to object "[object Object]"
-PASS script.nonce: IDL set to NaN
-PASS script.nonce: IDL set to Infinity
-PASS script.nonce: IDL set to -Infinity
-PASS script.nonce: IDL set to "\0"
-PASS script.nonce: IDL set to null
-PASS script.nonce: IDL set to object "test-toString"
+FAIL script.nonce: IDL set to "" assert_equals: getAttribute() expected "" but got "test-valueOf"
+FAIL script.nonce: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo " assert_equals: getAttribute() expected " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo " but got "test-valueOf"
+FAIL script.nonce: IDL set to undefined assert_equals: getAttribute() expected "undefined" but got "test-valueOf"
+FAIL script.nonce: IDL set to 7 assert_equals: getAttribute() expected "7" but got "test-valueOf"
+FAIL script.nonce: IDL set to 1.5 assert_equals: getAttribute() expected "1.5" but got "test-valueOf"
+FAIL script.nonce: IDL set to "5%" assert_equals: getAttribute() expected "5%" but got "test-valueOf"
+FAIL script.nonce: IDL set to "+100" assert_equals: getAttribute() expected "+100" but got "test-valueOf"
+FAIL script.nonce: IDL set to ".5" assert_equals: getAttribute() expected ".5" but got "test-valueOf"
+FAIL script.nonce: IDL set to true assert_equals: getAttribute() expected "true" but got "test-valueOf"
+FAIL script.nonce: IDL set to false assert_equals: getAttribute() expected "false" but got "test-valueOf"
+FAIL script.nonce: IDL set to object "[object Object]" assert_equals: getAttribute() expected "[object Object]" but got "test-valueOf"
+FAIL script.nonce: IDL set to NaN assert_equals: getAttribute() expected "NaN" but got "test-valueOf"
+FAIL script.nonce: IDL set to Infinity assert_equals: getAttribute() expected "Infinity" but got "test-valueOf"
+FAIL script.nonce: IDL set to -Infinity assert_equals: getAttribute() expected "-Infinity" but got "test-valueOf"
+FAIL script.nonce: IDL set to "\0" assert_equals: getAttribute() expected "\0" but got "test-valueOf"
+FAIL script.nonce: IDL set to null assert_equals: getAttribute() expected "null" but got "test-valueOf"
+FAIL script.nonce: IDL set to object "test-toString" assert_equals: getAttribute() expected "test-toString" but got "test-valueOf"
 PASS script.nonce: IDL set to object "test-valueOf"
 PASS script.integrity: typeof IDL attribute

trunk/LayoutTests/platform/wpe/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt

@@ -335 +335 @@
 PASS HTMLElement interface: attribute inputMode
 PASS HTMLElement interface: attribute dataset
-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS HTMLElement interface: attribute nonce
 FAIL HTMLElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
 PASS HTMLElement interface: attribute tabIndex
@@ -430 +430 @@
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
 FAIL HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type assert_inherits: property "autofocus" not found in prototype chain
 PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
@@ -5336 +5336 @@
 PASS SVGElement interface: attribute onpaste
 PASS SVGElement interface: attribute dataset
-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
+PASS SVGElement interface: attribute nonce
 FAIL SVGElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
 PASS SVGElement interface: attribute tabIndex

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2021-11-08  Patrick Griffis  <pgriffis@igalia.com>
+
+        Implement nonce-hiding
+        https://bugs.webkit.org/show_bug.cgi?id=179728
+
+        Reviewed by Chris Dumez.
+
+        This is a hardening technique implemented by both Firefox and Chromium.
+
+        The behavior is documented here: https://html.spec.whatwg.org/multipage/urls-and-fetching.html#nonce-attributes
+
+        * dom/Element.cpp:
+        (WebCore::Element::nonce const):
+        (WebCore::Element::setNonce):
+        (WebCore::Element::hideNonce):
+        (WebCore::Element::attributeChanged):
+        (WebCore::Element::cloneAttributesFromElement):
+        * dom/Element.h:
+        * dom/ElementRareData.cpp:
+        * dom/ElementRareData.h:
+        (WebCore::ElementRareData::nonce const):
+        (WebCore::ElementRareData::setNonce):
+        (WebCore::ElementRareData::useTypes const):
+        * dom/InlineClassicScript.cpp:
+        (WebCore::InlineClassicScript::create):
+        * dom/InlineStyleSheetOwner.cpp:
+        (WebCore::InlineStyleSheetOwner::createSheet):
+        * dom/NodeRareData.h:
+        * dom/ScriptElement.cpp:
+        (WebCore::ScriptElement::requestClassicScript):
+        (WebCore::ScriptElement::requestModuleScript):
+        (WebCore::ScriptElement::executeClassicScript):
+        * html/HTMLElement.cpp:
+        (WebCore::HTMLElement::insertedIntoAncestor):
+        * html/HTMLElement.h:
+        * html/HTMLOrForeignElement.idl:
+        * html/HTMLScriptElement.idl:
+        * page/csp/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::didReceiveHeader):
+        * page/csp/ContentSecurityPolicy.h:
+        (WebCore::ContentSecurityPolicy::isHeaderDelivered const):
+        * svg/SVGElement.cpp:
+        (WebCore::SVGElement::insertedIntoAncestor):
+
 2021-11-08  J Pascoe  <j_pascoe@apple.com>
 

trunk/Source/WebCore/dom/Element.cpp

@@ -315 +315 @@
 }
 
+const AtomString& Element::nonce() const
+{
+    return hasRareData() ? elementRareData()->nonce() : emptyAtom();
+}
+
+void Element::setNonce(const AtomString& newValue)
+{
+    if (newValue == emptyAtom() && !hasRareData())
+        return;
+
+    ensureElementRareData().setNonce(newValue);
+}
+
+void Element::hideNonce()
+{
+    // https://html.spec.whatwg.org/multipage/urls-and-fetching.html#nonce-attributes
+    if (!isConnected())
+        return;
+
+    const auto& csp = document().contentSecurityPolicy();
+    if (!csp->isHeaderDelivered())
+        return;
+
+    // Retain previous IDL nonce.
+    AtomString currentNonce = nonce();
+
+    if (!getAttribute(nonceAttr).isEmpty())
+        setAttribute(nonceAttr, emptyAtom());
+
+    setNonce(currentNonce);
+}
+
 bool Element::supportsFocus() const
 {
@@ -1861 +1893 @@
         } else if (name == HTMLNames::nameAttr)
             elementData()->setHasNameAttribute(!newValue.isNull());
-        else if (name == HTMLNames::pseudoAttr) {
+        else if (name == HTMLNames::nonceAttr) {
+            if (is<HTMLElement>(*this) || is<SVGElement>(*this))
+                setNonce(newValue.isNull() ? emptyAtom() : newValue);
+        } else if (name == HTMLNames::pseudoAttr) {
             if (needsStyleInvalidation() && isInShadowTree())
                 invalidateStyleForSubtree();
@@ -4484 +4519 @@
     for (const Attribute& attribute : attributesIterator())
         attributeChanged(attribute.name(), nullAtom(), attribute.value(), ModifiedByCloning);
+
+    setNonce(other.nonce());
 }
 

trunk/Source/WebCore/dom/Element.h

@@ -360 +360 @@
     virtual RefPtr<Element> focusDelegate();
 
+    // Used by the HTMLElement and SVGElement IDLs.
+    WEBCORE_EXPORT const AtomString& nonce() const;
+    WEBCORE_EXPORT void setNonce(const AtomString&);
+    void hideNonce();
+
     ExceptionOr<void> insertAdjacentHTML(const String& where, const String& html, NodeVector* addedNodes);
 

trunk/Source/WebCore/dom/ElementRareData.cpp

@@ -38 +38 @@
     IntPoint savedLayerScrollPosition;
     Vector<std::unique_ptr<ElementAnimationRareData>> animationRareData;
-    void* pointers[10];
+    void* pointers[11];
     void* intersectionObserverData;
 #if ENABLE(CSS_TYPED_OM)

trunk/Source/WebCore/dom/ElementRareData.h

@@ -103 +103 @@
     ResizeObserverData* resizeObserverData() { return m_resizeObserverData.get(); }
     void setResizeObserverData(std::unique_ptr<ResizeObserverData>&& data) { m_resizeObserverData = WTFMove(data); }
+
+    const AtomString& nonce() const { return m_nonce; }
+    void setNonce(const AtomString& value) { m_nonce = value; }
 
 #if ENABLE(CSS_TYPED_OM)
@@ -147 +150 @@
         if (!m_partNames.isEmpty())
             result.add(UseType::PartNames);
+        if (m_nonce)
+            result.add(UseType::Nonce);
         return result;
     }
@@ -178 +183 @@
     SpaceSplitString m_partNames;
 
+    AtomString m_nonce;
+
     void releasePseudoElement(PseudoElement*);
 };

trunk/Source/WebCore/dom/InlineClassicScript.cpp

@@ -37 +37 @@
     auto& element = scriptElement.element();
     return adoptRef(*new InlineClassicScript(
-        element.attributeWithoutSynchronization(HTMLNames::nonceAttr),
+        element.nonce(),
         element.attributeWithoutSynchronization(HTMLNames::crossoriginAttr),
         scriptElement.scriptCharset(),

trunk/Source/WebCore/dom/InlineStyleSheetOwner.cpp

@@ -169 +169 @@
     ASSERT(document.contentSecurityPolicy());
     const ContentSecurityPolicy& contentSecurityPolicy = *document.contentSecurityPolicy();
-    bool hasKnownNonce = contentSecurityPolicy.allowStyleWithNonce(element.attributeWithoutSynchronization(HTMLNames::nonceAttr), element.isInUserAgentShadowTree());
+    bool hasKnownNonce = contentSecurityPolicy.allowStyleWithNonce(element.nonce(), element.isInUserAgentShadowTree());
     if (!contentSecurityPolicy.allowInlineStyle(document.url().string(), m_startTextPosition.m_line, text, CheckUnsafeHashes::No, hasKnownNonce))
         return;

trunk/Source/WebCore/dom/NodeRareData.h

@@ -264 +264 @@
         PartList = 1 << 16,
         PartNames = 1 << 17,
+        Nonce = 1 << 18,
     };
 #endif

trunk/Source/WebCore/dom/ScriptElement.cpp

@@ -292 +292 @@
     if (!stripLeadingAndTrailingHTMLSpaces(sourceURL).isEmpty()) {
         auto script = LoadableClassicScript::create(
-            m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr),
+            m_element.nonce(),
             m_element.document().settings().subresourceIntegrityEnabled() ? m_element.attributeWithoutSynchronization(HTMLNames::integrityAttr).string() : emptyString(),
             referrerPolicy(),
@@ -305 +305 @@
 
         const auto& contentSecurityPolicy = *m_element.document().contentSecurityPolicy();
-        if (!contentSecurityPolicy.allowNonParserInsertedScripts(scriptURL, m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr), String(), m_parserInserted))
+        if (!contentSecurityPolicy.allowNonParserInsertedScripts(scriptURL, m_element.nonce(), String(), m_parserInserted))
             return false;
 
@@ -327 +327 @@
     // https://html.spec.whatwg.org/multipage/urls-and-fetching.html#cors-settings-attributes
     // Module is always CORS request. If attribute is not given, it should be same-origin credential.
-    String nonce = m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr);
+    String nonce = m_element.nonce();
     String crossOriginMode = m_element.attributeWithoutSynchronization(HTMLNames::crossoriginAttr);
     if (crossOriginMode.isNull())
@@ -398 +398 @@
         ASSERT(m_element.document().contentSecurityPolicy());
         const ContentSecurityPolicy& contentSecurityPolicy = *m_element.document().contentSecurityPolicy();
-        if (!contentSecurityPolicy.allowNonParserInsertedScripts(m_element.document().url(), m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr), sourceCode.source(), m_parserInserted))
+        if (!contentSecurityPolicy.allowNonParserInsertedScripts(m_element.document().url(), m_element.nonce(), sourceCode.source(), m_parserInserted))
             return;
 
-        bool hasKnownNonce = contentSecurityPolicy.allowScriptWithNonce(m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr), m_element.isInUserAgentShadowTree());
+        bool hasKnownNonce = contentSecurityPolicy.allowScriptWithNonce(m_element.nonce(), m_element.isInUserAgentShadowTree());
         if (!contentSecurityPolicy.allowInlineScript(m_element.document().url().string(), m_startLineNumber, sourceCode.source(), hasKnownNonce))
             return;

trunk/Source/WebCore/html/HTMLElement.cpp

@@ -500 +500 @@
 }
 
+Node::InsertedIntoAncestorResult HTMLElement::insertedIntoAncestor(InsertionType insertionType, ContainerNode& containerNode)
+{
+    auto result = Element::insertedIntoAncestor(insertionType, containerNode);
+    hideNonce();
+    return result;
+}
+
 static Ref<DocumentFragment> textToFragment(Document& document, const String& text)
 {

trunk/Source/WebCore/html/HTMLElement.h

@@ -167 +167 @@
     bool matchesReadWritePseudoClass() const override;
     void parseAttribute(const QualifiedName&, const AtomString&) override;
+    Node::InsertedIntoAncestorResult insertedIntoAncestor(InsertionType , ContainerNode& parentOfInsertedTree) override;
     bool hasPresentationalHintsForAttribute(const QualifiedName&) const override;
     void collectPresentationalHintsForAttribute(const QualifiedName&, const AtomString&, MutableStyleProperties&) override;

trunk/Source/WebCore/html/HTMLOrForeignElement.idl

@@ -29 +29 @@
 interface mixin HTMLOrForeignElement {
     [SameObject] readonly attribute DOMStringMap dataset;
-    // FIXME: Implement 'nonce'.
-    // attribute DOMString nonce; // intentionally no [CEReactions]
+    attribute DOMString nonce; // intentionally no [CEReactions]
 
     [CEReactions=NotNeeded, Reflect] attribute boolean autofocus;

trunk/Source/WebCore/html/HTMLScriptElement.idl

@@ -31 +31 @@
     [CEReactions=NotNeeded, Reflect] attribute DOMString type;
     [CEReactions=NotNeeded] attribute DOMString? crossOrigin;
-    [Reflect] attribute DOMString nonce;
     [CEReactions=NotNeeded, Reflect] attribute boolean noModule;
     [CEReactions=NotNeeded, Reflect, EnabledBySetting=SubresourceIntegrityEnabled] attribute DOMString integrity;

trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp

@@ -196 +196 @@
         ASSERT(m_policies.isEmpty());
         m_hasAPIPolicy = true;
-    }
+    } else if (policyFrom == PolicyFrom::HTTPHeader)
+        m_isHeaderDelivered = true;
 
     m_cachedResponseHeaders = std::nullopt;

trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h

@@ -186 +186 @@
     SandboxFlags sandboxFlags() const { return m_sandboxFlags; }
 
+    bool isHeaderDelivered() const { return m_isHeaderDelivered; }
+
 private:
     void logToConsole(const String& message, const String& contextURL = String(), const OrdinalNumber& contextLine = OrdinalNumber::beforeFirst(), const OrdinalNumber& contextColumn = OrdinalNumber::beforeFirst(), JSC::JSGlobalObject* = nullptr) const;
@@ -248 +250 @@
     HashSet<SecurityOriginData> m_insecureNavigationRequestsToUpgrade;
     mutable std::optional<ContentSecurityPolicyResponseHeaders> m_cachedResponseHeaders;
+    bool m_isHeaderDelivered { false };
 };
 

trunk/Source/WebCore/svg/SVGElement.cpp

@@ -895 +895 @@
     }
 
+    hideNonce();
+
     return InsertedIntoAncestorResult::Done;
 }