From 40290d6d55baf49443ec4e9b36e4ab17b15a6e8d Mon Sep 17 00:00:00 2001 From: Marco Castelluccio Date: Mon, 9 Mar 2020 23:51:34 +0000 Subject: [PATCH] Bug 1618897 [wpt PR 22021] - [CSP] Factorize SVGElement & MHTMLElement nonce hiding., a=testonly MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Automatic update from web-platform-tests [CSP] Factorize SVGElement & MHTMLElement nonce hiding. According to: https://github.com/whatwg/html/pull/2373 html and svg Element are hiding their nonce when there are at least one Content-Security-Policy defined from an HTTP header. The two implementation: - HTMLElement::InsertedInto - SVGElement::InsertedInto were hidding the nonce slightly differently. To prevent further divergence, factorize this implementation into Element::HideNonce() and call it from both places. Bug: 1053496 Change-Id: I3cbad88f70c61591bef060d4188c82388e6001d2 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2078536 Commit-Queue: Arthur Sonzogni Reviewed-by: Mike West Reviewed-by: Fredrik Söderquist Cr-Commit-Position: refs/heads/master{#746837} -- wpt-commits: 06705ea82c8a9d1866665c8abd069dd3b0f8c12b wpt-pr: 22021 UltraBlame original commit: 24ff6c7777429ca3691d2c2d66c9a2d09651f701 --- .../nonce-hiding/nonces.html | 335 +++++++++++++----- 1 file changed, 252 insertions(+), 83 deletions(-) diff --git a/testing/web-platform/tests/content-security-policy/nonce-hiding/nonces.html b/testing/web-platform/tests/content-security-policy/nonce-hiding/nonces.html index 372fe2990cf63..a0547199160f1 100644 --- a/testing/web-platform/tests/content-security-policy/nonce-hiding/nonces.html +++ b/testing/web-platform/tests/content-security-policy/nonce-hiding/nonces.html @@ -50,12 +50,59 @@ < script > +const +namespace_url += +{ +" +HTML +" +: +" +http +: +/ +/ +www +. +w3 +. +org +/ +1999 +/ +xhtml +" +" +SVG +" +: +" +http +: +/ +/ +www +. +w3 +. +org +/ +2000 +/ +svg +" +} +const +test_cases += [ [ " meh " " +HTML " ] [ @@ -63,6 +110,7 @@ div " " +HTML " ] [ @@ -70,6 +118,7 @@ script " " +HTML " ] [ @@ -77,19 +126,7 @@ meh " " -http -: -/ -/ -www -. -w3 -. -org -/ -2000 -/ -svg +SVG " ] [ @@ -97,19 +134,7 @@ svg " " -http -: -/ -/ -www -. -w3 -. -org -/ -2000 -/ -svg +SVG " ] [ @@ -117,22 +142,12 @@ script " " -http -: -/ -/ -www -. -w3 -. -org -/ -2000 -/ -svg +SVG " ] ] +; +test_cases . forEach ( @@ -154,25 +169,14 @@ const element = -namespace -= -= -= -" -" -? -document -. -createElement -( -localName -) -: document . createElementNS ( +namespace_url +[ namespace +] localName ) ; @@ -206,6 +210,24 @@ " ) ; +assert_equals +( +element +. +getAttribute +( +" +nonce +" +) +null +" +Initial +content +attribute +" +) +; element . setAttribute @@ -325,19 +347,6 @@ in { namespace -= -= -= -" -" -? -" -HTML -" -: -" -SVG -" } namespace ) @@ -351,26 +360,30 @@ const element = -namespace -= -= -= -" -" -? document . -createElement +createElementNS ( +namespace_url +[ +namespace +] localName ) -: -document +; +t . -createElementNS +add_cleanup ( -namespace -localName +( +) += +> +element +. +remove +( +) ) ; element @@ -452,19 +465,175 @@ in { namespace +} +namespace +) +; +test +( +t = +> +{ +const +element = +document +. +createElementNS +( +namespace_url +[ +namespace +] +localName +) +; +t +. +add_cleanup +( +( +) = +> +element +. +remove +( +) +) +; +assert_equals +( +element +. +nonce " " -? +) +; +assert_equals +( +element +. +getAttribute +( " -HTML +nonce " -: +) +null +) +; +element +. +setAttribute +( " -SVG +nonce +" +" +" +) +; +assert_equals +( +element +. +nonce +" +" +) +; +assert_equals +( +element +. +getAttribute +( +" +nonce +" +) +" +" +) +; +document +. +body +. +appendChild +( +element +) +; +assert_equals +( +element +. +nonce +" +" +) +; +assert_equals +( +element +. +getAttribute +( +" +nonce " +) +" +" +) +; +element +. +removeAttribute +( +" +nonce +" +) +; +assert_equals +( +element +. +nonce +" +" +) +; +assert_equals +( +element +. +getAttribute +( +" +nonce +" +) +null +) +; +} +Test +empty +nonces +for +{ +localName +} +in +{ +namespace } namespace )