From 217fd3d367310227d9cb0ef350770fb88b43e145 Mon Sep 17 00:00:00 2001 
From: Marco Castelluccio Date: Tue, 25 Feb 2020 16:26:32 +0000 Subject: [PATCH] Bug 1616251 [wpt PR 21853] - nonce attribute: no longer tentative, a=testonly Automatic update from web-platform-tests nonce attribute: no longer tentative For https://github.com/whatwg/html/pull/5300. Supersedes #5423 -- wpt-commits: 2ca72d0f4b39e6007ae10e78d25f352dab56b2d2 wpt-pr: 21853 UltraBlame original commit: f6e9e0c531a648d841cd116948906c025caa4921 --- .../nonce-hiding/nonces.html | 478 ++++++++++++++++++ .../nonce-hiding/nonces.html.headers | 12 + ...tml => script-nonces-hidden-meta.sub.html} | 56 +- ...ntative.html => script-nonces-hidden.html} | 289 ++++++++++- .../script-nonces-hidden.html.headers | 21 + ... => svgscript-nonces-hidden-meta.sub.html} | 227 ++------- ....sub.html => svgscript-nonces-hidden.html} | 264 +--------- .../svgscript-nonces-hidden.html.headers | 21 + 8 files changed, 908 insertions(+), 460 deletions(-) create mode 100644 testing/web-platform/tests/content-security-policy/nonce-hiding/nonces.html create mode 100644 testing/web-platform/tests/content-security-policy/nonce-hiding/nonces.html.headers rename testing/web-platform/tests/content-security-policy/nonce-hiding/{script-nonces-hidden-meta.tentative.sub.html => script-nonces-hidden-meta.sub.html} (97%) rename testing/web-platform/tests/content-security-policy/nonce-hiding/{script-nonces-hidden.tentative.html => script-nonces-hidden.html} (80%) create mode 100644 testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden.html.headers rename testing/web-platform/tests/content-security-policy/nonce-hiding/{svgscript-nonces-hidden.tentative.html => svgscript-nonces-hidden-meta.sub.html} (86%) rename testing/web-platform/tests/content-security-policy/nonce-hiding/{svgscript-nonces-hidden-meta.tentative.sub.html => svgscript-nonces-hidden.html} (80%) create mode 100644 testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden.html.headers 
diff --git a/testing/web-platform/tests/content-security-policy/nonce-hiding/nonces.html b/testing/web-platform/tests/content-security-policy/nonce-hiding/nonces.html
new file mode 100644
index 0000000000000..372fe2990cf63
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/nonce-hiding/nonces.html
@@ -0,0 +1,478 @@ +< +! +DOCTYPE +html +> +< +script +src += +" +/ +resources +/ +testharness +. +js +" +> +< +/ +script +> +< +script +src += +" +/ +resources +/ +testharnessreport +. +js +" +> +< +/ +script +> +< +div +id += +log +> +< +/ +div +> +< +script +> +[ +[ +" +meh +" +" +" +] +[ +" +div +" +" +" +] +[ +" +script +" +" +" +] +[ +" +meh +" +" +http +: +/ +/ +www +. +w3 +. +org +/ +2000 +/ +svg +" +] +[ +" +svg +" +" +http +: +/ +/ +www +. +w3 +. +org +/ +2000 +/ +svg +" +] +[ +" +script +" +" +http +: +/ +/ +www +. +w3 +. +org +/ +2000 +/ +svg +" +] +] +. +forEach +( +( +[ +localName +namespace +] +) += +> +{ +test +( +t += +> +{ +const +element += +namespace += += += +" +" +? +document +. +createElement +( +localName +) +: +document +. +createElementNS +( +namespace +localName +) +; +t +. +add_cleanup +( +( +) += +> +element +. +remove +( +) +) +; +assert_equals +( +element +. +nonce +" +" +" +Initial +IDL +attribute +value +" +) +; +element +. +setAttribute +( +" +nonce +" +" +x +" +) +; +assert_equals +( +element +. +nonce +" +x +" +" +IDL +attribute +is +modified +after +content +attribute +set +" +) +; +assert_equals +( +element +. +getAttribute +( +" +nonce +" +) +" +x +" +" +Content +attribute +is +modified +after +content +attribute +set +" +) +; +document +. +body +. +appendChild +( +element +) +; +assert_equals +( +element +. +nonce +" +x +" +" +IDL +attribute +is +unchanged +after +element +insertion +" +) +; +assert_equals +( +element +. +getAttribute +( +" +nonce +" +) +" +" +" +Content +attribute +is +changed +after +element +insertion +" +) +; +} +Basic +nonce +tests +for +{ +localName +} +in +{ +namespace += += += +" +" +? +" +HTML +" +: +" +SVG +" +} +namespace +) +; +test +( +t += +> +{ +const +element += +namespace += += += +" +" +? +document +. +createElement +( +localName +) +: +document +. +createElementNS +( +namespace +localName +) +; +element +. +setAttribute +( +" +nonce +" +" +x +" +) +; +assert_equals +( +element +. 
+nonce +" +x +" +" +IDL +attribute +is +modified +after +content +attribute +set +" +) +; +element +. +removeAttribute +( +" +nonce +" +) +; +assert_equals +( +element +. +nonce +" +" +" +IDL +attribute +is +empty +after +content +attribute +removal +" +) +; +} +Ensure +that +removal +of +content +attribute +does +not +affect +IDL +attribute +for +{ +localName +} +in +{ +namespace += += += +" +" +? +" +HTML +" +: +" +SVG +" +} +namespace +) +; +} +) +; +< +/ +script +> diff --git a/testing/web-platform/tests/content-security-policy/nonce-hiding/nonces.html.headers b/testing/web-platform/tests/content-security-policy/nonce-hiding/nonces.html.headers new file mode 100644 index 0000000000000..dce31e366915e --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/nonce-hiding/nonces.html.headers @@ -0,0 +1,12 @@ +Content +- +Security +- +Policy +: +img +- +src +' +none +' diff --git a/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.tentative.sub.html b/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub.html similarity index 97% rename from testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.tentative.sub.html rename to testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub.html index 560bad19f076e..a554078bb28af 100644 --- a/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.tentative.sub.html +++ b/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub.html @@ -676,6 +676,29 @@ abc ' ; +assert_equals +( +s +. +nonce +' +abc +' +) +; +assert_equals +( +s +. +getAttribute +( +' +nonce +' +) +null +) +; document . head @@ -1118,23 +1141,13 @@ cssTest " > -async_test -( -t -= -> -{ -requestAnimationFrame +test ( t -. -step_func_done -( -_ = > { -var +const script = document 
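Review bot: In the second `test()` of the new nonces.html, the title says that removal of the content attribute "does not affect" the IDL attribute, while the assertion directly above it expects `element.nonce` to be `""` after `removeAttribute("nonce")`, i.e. removal does reset it. A title that states what is asserted would avoid the contradiction, for example `Removing the nonce content attribute resets the IDL attribute for … namespace`. The first test would also benefit from a short comment that the content attribute is emptied on insertion only because nonces.html.headers delivers a `Content-Security-Policy` header; presumably the last assertion would not hold without it.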
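Review bot: The two assertions added in hunk `@@ -676,6 +676,29 @@` of script-nonces-hidden-meta.sub.html, and the identical pair in `@@ -649,6 +649,29 @@` of script-nonces-hidden.html, have no description argument, so a failure reports only the mismatching values. They appear to pin a security-relevant detail, namely that a nonce assigned through the IDL attribute before insertion is never written to the content attribute. A label would make that visible, e.g. `assert_equals(s.getAttribute('nonce'), null, 'IDL-assigned nonce is not reflected to the content attribute');`. The enclosing test starts and ends outside the hunk, so the preceding assignment is inferred from the context lines.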
@@ -1147,6 +1160,21 @@ ' ) ; +t +. +add_cleanup +( +( +) += +> +script +. +remove +( +) +) +; var style = @@ -1221,10 +1249,6 @@ ) ; } -) -) -; -} " Nonces leak diff --git a/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden.tentative.html b/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden.html similarity index 80% rename from testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden.tentative.html rename to testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden.html index 0929a6c0188b6..d4a2a0664e984 100644 --- a/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden.tentative.html +++ b/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden.html @@ -649,6 +649,29 @@ abc ' ; +assert_equals +( +s +. +nonce +' +abc +' +) +; +assert_equals +( +s +. +getAttribute +( +' +nonce +' +) +null +) +; document . head 
@@ -1039,6 +1062,239 @@ script > < +script +nonce += +" +abc +" +> +var +eventList += +[ +] +; +class +NonceElement +extends +HTMLElement +{ +static +get +observedAttributes +( +) +{ +return +[ +' +nonce +' +] +; +} +constructor +( +) +{ +super +( +) +; +} +attributeChangedCallback +( +name +oldValue +newValue +) +{ +eventList +. +push +( +{ +type +: +" +AttributeChanged +" +name +: +name +oldValue +: +oldValue +newValue +: +newValue +} +) +; +} +connectedCallback +( +) +{ +eventList +. +push +( +{ +type +: +" +Connected +" +} +) +; +} +} +customElements +. +define +( +" +nonce +- +element +" +NonceElement +) +; +< +/ +script +> +< +nonce +- +element +nonce += +" +abc +" +> +< +/ +nonce +- +element +> +< +script +nonce += +" +abc +" +> +test +( +t += +> +{ +assert_equals +( +eventList +. +length +3 +) +; +assert_object_equals +( +eventList +[ +0 +] +{ +type +: +" +AttributeChanged +" +name +: +" +nonce +" +oldValue +: +null +newValue +: +" +abc +" +} +) +; +assert_object_equals +( +eventList +[ +1 +] +{ +type +: +" +Connected +" +} +) +; +assert_object_equals +( +eventList +[ +2 +] +{ +type +: +" +AttributeChanged +" +name +: +" +nonce +" +oldValue +: +" +abc +" +newValue +: +" +" +} +) +; +} +" +Custom +elements +expose +the +correct +events +. +" +) +; +< +/ +script +> +< style > # @@ -1089,23 +1345,13 @@ cssTest " > -async_test -( -t -= -> -{ -requestAnimationFrame +test ( t -. -step_func_done -( -_ = > { -var +const script = document @@ -1118,6 +1364,21 @@ ' ) ; +t +. +add_cleanup +( +( +) += +> +script +. +remove +( +) +) +; var style = @@ -1155,10 +1416,6 @@ ) ; } -) -) -; -} " Nonces don diff --git a/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden.html.headers b/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden.html.headers new file mode 100644 index 0000000000000..d08254c378edb --- /dev/null 
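Review bot: The custom element test added in hunk `@@ -1039,6 +1062,239 @@` of script-nonces-hidden.html expects `attributeChangedCallback` to receive the real nonce `"abc"` as `newValue` and later as `oldValue`, and nothing in the test says that this exposure is intended. A comment above the `test()` call would help, along the lines of `// The callback first sees the parser-set value; hiding is shown by the third event resetting the content attribute to ""`. The length check and the three `assert_object_equals` calls also lack description strings, so a failure does not say which event was wrong. The -meta.sub.html variant gets no counterpart in this commit, so the callback sequence under a `<meta>`-delivered policy stays unpinned.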
+++ b/testing/web-platform/tests/content-security-policy/nonce-hiding/script-nonces-hidden.html.headers @@ -0,0 +1,21 @@ +Content +- +Security +- +Policy +: +script +- +src +' +nonce +- +abc +' +; +img +- +src +' +none +' diff --git a/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden.tentative.html b/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub.html similarity index 86% rename from testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden.tentative.html rename to testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub.html index a5125831ab32e..b5a7cfbbe3bb2 100644 --- a/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden.tentative.html +++ b/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub.html @@ -15,11 +15,6 @@ . js " -nonce -= -" -abc -" > < / @@ -37,17 +32,45 @@ . js " -nonce -= -" -abc -" > < / script > < +meta +http +- +equiv += +" +content +- +security +- +policy +" +content += +" +script +- +src +' +nonce +- +abc +' +; +img +- +src +' +none +' +" +> +< body > < @@ -143,7 +166,6 @@ querySelector ( ' -body [ nonce ] @@ -159,7 +181,6 @@ querySelector ( ' -body [ nonce = @@ -168,7 +189,7 @@ ] ' ) -script +null ) ; assert_equals @@ -178,7 +199,6 @@ querySelector ( ' -body [ nonce = @@ -186,7 +206,7 @@ ] ' ) -null +script ) ; assert_equals @@ -200,6 +220,7 @@ ' ) ' +abc ' ) ; @@ -285,6 +306,7 @@ ' ) ' +abc ' ) ; @@ -343,6 +365,7 @@ ' ) ' +abc ' ) ; @@ -619,6 +642,7 @@ ' ) ' +abc ' ) ; @@ -689,7 +713,7 @@ createElement ( ' -script +innerScript ' ) ; @@ -746,6 +770,12 @@ ' ) null +' +innerScript +. +getAttribute +nonce +' ) ; } @@ -892,6 +922,7 @@ ' ) ' +abc ' " Post 
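Review bot: On the new side of hunk `@@ -689,7 +713,7 @@` of svgscript-nonces-hidden-meta.sub.html, `createElement` is called with the local name `'innerScript'`, whereas the removed side and the new svgscript-nonces-hidden.html in this same commit use `'script'`. This looks like a variable name that ended up in the tag-name argument; the message `'innerScript.getAttribute nonce'` added in `@@ -746,6 +770,12 @@` suggests `innerScript` is the variable. If so, this step checks nonce handling on an unknown element instead of a dynamically created script, and the likely intent is `createElement('script')`. The enclosing test starts and ends outside the hunk, so this should be confirmed against the full file.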
@@ -914,167 +945,3 @@ / script > -< -style -> -# -cssTest -{ -display -: -block -; -} -# -cssTest -[ -nonce -= -abc -] -{ -background -: -url -( -/ -security -/ -resources -/ -abe -. -png -) -; -} -< -/ -style -> -< -svg -xmlns -= -" -http -: -/ -/ -www -. -w3 -. -org -/ -2000 -/ -svg -" -> -< -script -nonce -= -" -abc -" -id -= -" -cssTest -" -> -async_test -( -t -= -> -{ -requestAnimationFrame -( -t -. -step_func_done -( -_ -= -> -{ -var -script -= -document -. -querySelector -( -' -# -cssTest -' -) -; -var -style -= -getComputedStyle -( -script -) -; -assert_equals -( -style -[ -' -display -' -] -' -block -' -) -; -assert_equals -( -style -[ -' -background -- -image -' -] -' -none -' -) -; -} -) -) -; -} -" -Nonces -don -' -t -leak -via -CSS -side -- -channels -. -" -) -; -< -/ -script -> -< -/ -svg -> diff --git a/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.tentative.sub.html b/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden.html similarity index 80% rename from testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.tentative.sub.html rename to testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden.html index 43b3aaa2f943b..cfe64ee3b63bb 100644 --- a/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.tentative.sub.html +++ b/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden.html @@ -15,6 +15,11 @@ . js " +nonce += +" +abc +" > < / @@ -32,45 +37,17 @@ . js " -> -< -/ -script -> -< -meta -http -- -equiv -= -" -content -- -security -- -policy -" -content +nonce = " -script -- -src -' -nonce -- abc -' -; -img -- -src -' -none -' " > < +/ +script +> +< body > < @@ -166,6 +143,7 @@ querySelector ( ' +body [ nonce ] @@ -181,6 +159,7 @@ querySelector ( ' +body [ nonce = @@ -189,7 +168,7 @@ ] ' ) -null +script ) ; assert_equals 
@@ -199,6 +178,7 @@ querySelector ( ' +body [ nonce = @@ -206,7 +186,7 @@ ] ' ) -script +null ) ; assert_equals @@ -220,7 +200,6 @@ ' ) ' -abc ' ) ; @@ -306,7 +285,6 @@ ' ) ' -abc ' ) ; @@ -365,7 +343,6 @@ ' ) ' -abc ' ) ; @@ -642,7 +619,6 @@ ' ) ' -abc ' ) ; @@ -713,7 +689,7 @@ createElement ( ' -innerScript +script ' ) ; @@ -770,12 +746,6 @@ ' ) null -' -innerScript -. -getAttribute -nonce -' ) ; } @@ -922,7 +892,6 @@ ' ) ' -abc ' " Post @@ -945,204 +914,3 @@ / script > -< -style -> -# -cssTest -{ -display -: -block -; -} -# -cssTest -[ -nonce -= -abc -] -{ -background -: -url -( -/ -security -/ -resources -/ -abe -. -png -) -; -} -< -/ -style -> -< -svg -xmlns -= -" -http -: -/ -/ -www -. -w3 -. -org -/ -2000 -/ -svg -" -> -< -script -nonce -= -" -abc -" -id -= -" -cssTest -" -> -async_test -( -t -= -> -{ -requestAnimationFrame -( -t -. -step_func_done -( -_ -= -> -{ -var -script -= -document -. -querySelector -( -' -# -cssTest -' -) -; -var -style -= -getComputedStyle -( -script -) -; -assert_equals -( -style -[ -' -display -' -] -' -block -' -) -; -assert_equals -( -style -[ -' -background -- -image -' -] -" -url -( -\ -" -http -: -/ -/ -{ -{ -domains -[ -] -} -} -: -{ -{ -ports -[ -http -] -[ -0 -] -} -} -/ -security -/ -resources -/ -abe -. -png -\ -" -) -" -) -; -} -) -) -; -} -" -Nonces -don -' -t -leak -via -CSS -side -- -channels -. -" -) -; -< -/ -script -> -< -/ -svg -> diff --git a/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden.html.headers b/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden.html.headers new file mode 100644 index 0000000000000..d08254c378edb --- /dev/null +++ b/testing/web-platform/tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden.html.headers @@ -0,0 +1,21 @@ +Content +- +Security +- +Policy +: +script +- +src +' +nonce +- +abc +' +; +img +- +src +' +none +'