Prevent [[CryptographicNonce]] from being emptied

source

@@ -7118,11 +7118,11 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
 
   <p>Elements that have a <code data-x="attr-nonce">nonce</code> content attribute ensure that the
   crytographic nonce is only exposed to script (and not to side-channels like CSS attribute
-  selectors) by extracting the value from the content attribute, moving it into an internal slot
+  selectors) by taking the value from the content attribute, moving it into an internal slot
   named <dfn data-export="" data-dfn-for="HTMLOrSVGElement"
-  data-dfn-type="attribute">[[CryptographicNonce]]</dfn>, and exposing it to script via the
-  <code>HTMLOrSVGElement</code> interface mixin. Unless otherwise specified, the slot's value
-  is the empty string.</p>
+  data-dfn-type="attribute">[[CryptographicNonce]]</dfn>, exposing it to script via the
+  <code>HTMLOrSVGElement</code> interface mixin, and setting the content attribute to the empty
+  string. Unless otherwise specified, the slot's value is the empty string.</p>
 
   <dl class="domintro">
    <dt><var>element</var> . <code data-x="">nonce</code></dt>
@@ -7147,9 +7147,22 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
   <a href="https://github.com/whatwg/html/issues/2369">issue #2369</a>, where this behavior was
   introduced.</p>
 
-  <p>Whenever an element including <code>HTMLOrSVGElement</code> has its <code
-  data-x="attr-nonce">nonce</code> attribute is set or changed, set this element's
-  <span>[[CryptographicNonce]]</span> to the given value.</p>
+  <p>The following <span data-x="concept-element-attributes-change-ext">attribute change
+  steps</span> are used for the <code data-x="attr-nonce">nonce</code> content attribute:
+
+  <ol>
+   <li><p>If <var>element</var> does not include <code>HTMLOrSVGElement</code>, then
+   return.</p></li>
+
+   <li><p>If <var>localName</var> is not <code data-x="attr-nonce">nonce</code> or
+   <var>namespace</var> is not null, then return.</p></li>
+
+   <li><p>If <var>value</var> is null, then set <var>element</var>'s
+   <span>[[CryptographicNonce]]</span> to the empty string.</p></li>
+
+   <li><p>Otherwise, set <var>element</var>'s <span>[[CryptographicNonce]]</span> to
+   <var>value</var>.</p></li>
+  </ol>
 
   <p>Whenever an element including <code>HTMLOrSVGElement</code> <span>becomes browsing-context
   connected</span>, the user agent must execute the following steps on the <var>element</var>:</p>
@@ -7165,10 +7178,19 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
     <var>attr</var> whose value is not the empty string, then:</p>
 
     <ol>
+     <li><p>Let <var>nonce</var> be <var>element</var>'s
+     <span>[[CryptographicNonce]]</span>.</p></li>
+
      <li><p><span data-x="concept-element-attributes-set-value">Set an attribute value</span> for
      <var>element</var> using "<code data-x="attr-nonce">nonce</code>" and the empty
      string.</p></li>
+
+     <li><p>Set <var>element</var>'s <span>[[CryptographicNonce]]</span> to
+     <var>nonce</var>.</p></li>
     </ol>
+
+    <p class="note">If <var>element</var>'s <span>[[CryptographicNonce]]</span> were not restored it
+    would be the empty string at this point.</p>
    </li>
   </ol>