From ffc4eee19095496be8df92855e3c366af7806086 Mon Sep 17 00:00:00 2001
From: arthursonzogni <arthursonzogni@chromium.org>
Date: Thu, 5 Mar 2020 21:33:26 +0000
Subject: [PATCH] Bug 1618897 [wpt PR 22021] - [CSP] Factorize SVGElement &
 MHTMLElement nonce hiding., a=testonly
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Automatic update from web-platform-tests
[CSP] Factorize SVGElement & MHTMLElement nonce hiding.

According to:
https://github.com/whatwg/html/pull/2373
html and svg Element are hiding their nonce when there are at least one
Content-Security-Policy defined from an HTTP header.

The two implementation:
- HTMLElement::InsertedInto
- SVGElement::InsertedInto

were hidding the nonce slightly differently. To prevent further
divergence, factorize this implementation into Element::HideNonce() and
call it from both places.

Bug: 1053496
Change-Id: I3cbad88f70c61591bef060d4188c82388e6001d2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2078536
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Fredrik Söderquist <fs@opera.com>
Cr-Commit-Position: refs/heads/master@{#746837}

--

wpt-commits: 06705ea82c8a9d1866665c8abd069dd3b0f8c12b
wpt-pr: 22021
---
 .../nonce-hiding/nonces.html                  | 84 +++++++++++++------
 1 file changed, 58 insertions(+), 26 deletions(-)

diff --git a/testing/web-platform/tests/content-security-policy/nonce-hiding/nonces.html b/testing/web-platform/tests/content-security-policy/nonce-hiding/nonces.html
index b023d060323d9..7ee10a7b29e5a 100644
--- a/testing/web-platform/tests/content-security-policy/nonce-hiding/nonces.html
+++ b/testing/web-platform/tests/content-security-policy/nonce-hiding/nonces.html
@@ -3,30 +3,62 @@
 <script src="/resources/testharnessreport.js"></script>
 <div id=log></div>
 <script>
-[["meh", ""],
- ["div", ""],
- ["script", ""],
- ["meh", "http://www.w3.org/2000/svg"],
- ["svg", "http://www.w3.org/2000/svg"],
- ["script", "http://www.w3.org/2000/svg"]].forEach(([localName, namespace]) => {
-  test(t => {
-    const element = namespace === "" ? document.createElement(localName) : document.createElementNS(namespace, localName);
-    t.add_cleanup(() => element.remove());
-    assert_equals(element.nonce, "", "Initial IDL attribute value");
-    element.setAttribute("nonce", "x");
-    assert_equals(element.nonce, "x", "IDL attribute is modified after content attribute set");
-    assert_equals(element.getAttribute("nonce"), "x", "Content attribute is modified after content attribute set");
-    document.body.appendChild(element);
-    assert_equals(element.nonce, "x", "IDL attribute is unchanged after element insertion");
-    assert_equals(element.getAttribute("nonce"), "", "Content attribute is changed after element insertion");
-  }, `Basic nonce tests for ${localName} in ${namespace === "" ? "HTML" : "SVG"} namespace`);
-
-  test(t => {
-    const element = namespace === "" ? document.createElement(localName) : document.createElementNS(namespace, localName);
-    element.setAttribute("nonce", "x");
-    assert_equals(element.nonce, "x", "IDL attribute is modified after content attribute set");
-    element.removeAttribute("nonce");
-    assert_equals(element.nonce, "", "IDL attribute is empty after content attribute removal");
-  }, `Ensure that removal of content attribute does not affect IDL attribute for ${localName} in ${namespace === "" ? "HTML" : "SVG"} namespace`);
-});
+  const namespace_url= {
+    "HTML": "http://www.w3.org/1999/xhtml",
+    "SVG": "http://www.w3.org/2000/svg",
+  }
+  const test_cases = [
+    ["meh"    , "HTML"],
+    ["div"    , "HTML"],
+    ["script" , "HTML"],
+    ["meh"    , "SVG"],
+    ["svg"    , "SVG"],
+    ["script" , "SVG"],
+  ];
+
+  test_cases.forEach(([localName, namespace]) => {
+    test(t => {
+      const element = document.createElementNS(namespace_url[namespace], localName);
+      t.add_cleanup(() => element.remove());
+      assert_equals(element.nonce, "", "Initial IDL attribute value");
+      assert_equals(element.getAttribute("nonce"), null, "Initial content attribute");
+
+      element.setAttribute("nonce", "x");
+      assert_equals(element.nonce, "x", "IDL attribute is modified after content attribute set");
+      assert_equals(element.getAttribute("nonce"), "x", "Content attribute is modified after content attribute set");
+
+      document.body.appendChild(element);
+      assert_equals(element.nonce, "x", "IDL attribute is unchanged after element insertion");
+      assert_equals(element.getAttribute("nonce"), "", "Content attribute is changed after element insertion");
+    }, `Basic nonce tests for ${localName} in ${namespace} namespace`);
+
+    test(t => {
+      const element = document.createElementNS(namespace_url[namespace], localName);
+      t.add_cleanup(() => element.remove());
+      element.setAttribute("nonce", "x");
+      assert_equals(element.nonce, "x", "IDL attribute is modified after content attribute set");
+
+      element.removeAttribute("nonce");
+      assert_equals(element.nonce, "", "IDL attribute is empty after content attribute removal");
+    }, `Ensure that removal of content attribute does not affect IDL attribute for ${localName} in ${namespace} namespace`);
+
+    test(t => {
+      const element = document.createElementNS(namespace_url[namespace], localName);
+      t.add_cleanup(() => element.remove());
+      assert_equals(element.nonce, "");
+      assert_equals(element.getAttribute("nonce"), null);
+
+      element.setAttribute("nonce", "");
+      assert_equals(element.nonce, "");
+      assert_equals(element.getAttribute("nonce"), "");
+
+      document.body.appendChild(element);
+      assert_equals(element.nonce, "");
+      assert_equals(element.getAttribute("nonce"), "");
+
+      element.removeAttribute("nonce");
+      assert_equals(element.nonce, "");
+      assert_equals(element.getAttribute("nonce"), null);
+    }, `Test empty nonces for ${localName} in ${namespace} namespace`);
+  });
 </script>