<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[285478] trunk</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/285478">285478</a></dd>
<dt>Author</dt> <dd>pgriffis@igalia.com</dd>
<dt>Date</dt> <dd>2021-11-08 18:26:15 -0800 (Mon, 08 Nov 2021)</dd>
</dl>

<h3>Log Message</h3>
<pre>Implement nonce-hiding
https://bugs.webkit.org/show_bug.cgi?id=179728

Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

Update all nonce-hiding expectations as passing.
Update reflection-misc as script.nonce not being reflected, this matches Chromiums results.

* web-platform-tests/content-security-policy/nonce-hiding/nonces-expected.txt:
* web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-expected.txt:
* web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub-expected.txt:
* web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt:
* web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt:
* web-platform-tests/html/dom/idlharness.https-expected.txt:
* web-platform-tests/html/dom/reflection-misc-expected.txt:

Source/WebCore:

This is a hardening technique implemented by both Firefox and Chromium.

The behavior is documented here: https://html.spec.whatwg.org/multipage/urls-and-fetching.html#nonce-attributes

* dom/Element.cpp:
(WebCore::Element::nonce const):
(WebCore::Element::setNonce):
(WebCore::Element::hideNonce):
(WebCore::Element::attributeChanged):
(WebCore::Element::cloneAttributesFromElement):
* dom/Element.h:
* dom/ElementRareData.cpp:
* dom/ElementRareData.h:
(WebCore::ElementRareData::nonce const):
(WebCore::ElementRareData::setNonce):
(WebCore::ElementRareData::useTypes const):
* dom/InlineClassicScript.cpp:
(WebCore::InlineClassicScript::create):
* dom/InlineStyleSheetOwner.cpp:
(WebCore::InlineStyleSheetOwner::createSheet):
* dom/NodeRareData.h:
* dom/ScriptElement.cpp:
(WebCore::ScriptElement::requestClassicScript):
(WebCore::ScriptElement::requestModuleScript):
(WebCore::ScriptElement::executeClassicScript):
* html/HTMLElement.cpp:
(WebCore::HTMLElement::insertedIntoAncestor):
* html/HTMLElement.h:
* html/HTMLOrForeignElement.idl:
* html/HTMLScriptElement.idl:
* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::didReceiveHeader):
* page/csp/ContentSecurityPolicy.h:
(WebCore::ContentSecurityPolicy::isHeaderDelivered const):
* svg/SVGElement.cpp:
(WebCore::SVGElement::insertedIntoAncestor):

LayoutTests:

Update expectations for nonce IDL as PASSing.

* platform/gtk/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
* platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
* platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt:
* platform/ipad/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
* platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
* platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
* platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt:
* platform/wpe/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsimportedw3cChangeLog">trunk/LayoutTests/imported/w3c/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscontentsecuritypolicynoncehidingnoncesexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/nonces-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscontentsecuritypolicynoncehidingscriptnonceshiddenexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscontentsecuritypolicynoncehidingscriptnonceshiddenmetasubexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscontentsecuritypolicynoncehidingsvgscriptnonceshiddenexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscontentsecuritypolicynoncehidingsvgscriptnonceshiddenmetasubexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmldomidlharnesshttpsexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmldomreflectionmiscexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformgtkimportedw3cwebplatformtestshtmldomidlharnesshttpsexpectedtxt">trunk/LayoutTests/platform/gtk/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformioswk2importedw3cwebplatformtestshtmldomidlharnesshttpsexpectedtxt">trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformioswk2importedw3cwebplatformtestshtmldomreflectionmiscexpectedtxt">trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformipadimportedw3cwebplatformtestshtmldomidlharnesshttpsexpectedtxt">trunk/LayoutTests/platform/ipad/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformmacwk1importedw3cwebplatformtestshtmldomidlharnesshttpsexpectedtxt">trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformmacwk2importedw3cwebplatformtestshtmldomidlharnesshttpsexpectedtxt">trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformmacwk2importedw3cwebplatformtestshtmldomreflectionmiscexpectedtxt">trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformwpeimportedw3cwebplatformtestshtmldomidlharnesshttpsexpectedtxt">trunk/LayoutTests/platform/wpe/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoredomElementcpp">trunk/Source/WebCore/dom/Element.cpp</a></li>
<li><a href="#trunkSourceWebCoredomElementh">trunk/Source/WebCore/dom/Element.h</a></li>
<li><a href="#trunkSourceWebCoredomElementRareDatacpp">trunk/Source/WebCore/dom/ElementRareData.cpp</a></li>
<li><a href="#trunkSourceWebCoredomElementRareDatah">trunk/Source/WebCore/dom/ElementRareData.h</a></li>
<li><a href="#trunkSourceWebCoredomInlineClassicScriptcpp">trunk/Source/WebCore/dom/InlineClassicScript.cpp</a></li>
<li><a href="#trunkSourceWebCoredomInlineStyleSheetOwnercpp">trunk/Source/WebCore/dom/InlineStyleSheetOwner.cpp</a></li>
<li><a href="#trunkSourceWebCoredomNodeRareDatah">trunk/Source/WebCore/dom/NodeRareData.h</a></li>
<li><a href="#trunkSourceWebCoredomScriptElementcpp">trunk/Source/WebCore/dom/ScriptElement.cpp</a></li>
<li><a href="#trunkSourceWebCorehtmlHTMLElementcpp">trunk/Source/WebCore/html/HTMLElement.cpp</a></li>
<li><a href="#trunkSourceWebCorehtmlHTMLElementh">trunk/Source/WebCore/html/HTMLElement.h</a></li>
<li><a href="#trunkSourceWebCorehtmlHTMLOrForeignElementidl">trunk/Source/WebCore/html/HTMLOrForeignElement.idl</a></li>
<li><a href="#trunkSourceWebCorehtmlHTMLScriptElementidl">trunk/Source/WebCore/html/HTMLScriptElement.idl</a></li>
<li><a href="#trunkSourceWebCorepagecspContentSecurityPolicycpp">trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp</a></li>
<li><a href="#trunkSourceWebCorepagecspContentSecurityPolicyh">trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h</a></li>
<li><a href="#trunkSourceWebCoresvgSVGElementcpp">trunk/Source/WebCore/svg/SVGElement.cpp</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog      2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/ChangeLog 2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -1,3 +1,21 @@
</span><ins>+2021-11-08  Patrick Griffis  <pgriffis@igalia.com>
+
+        Implement nonce-hiding
+        https://bugs.webkit.org/show_bug.cgi?id=179728
+
+        Reviewed by Chris Dumez.
+
+        Update expectations for nonce IDL as PASSing.
+
+        * platform/gtk/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
+        * platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
+        * platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt:
+        * platform/ipad/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
+        * platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
+        * platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
+        * platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt:
+        * platform/wpe/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt:
+
</ins><span class="cx"> 2021-11-08  Chris Dumez  <cdumez@apple.com>
</span><span class="cx"> 
</span><span class="cx">         REGRESSION (r283935): [ macOS wk1 ] imported/w3c/web-platform-tests/html/semantics/interactive-elements/the-dialog-element/dialog-autofocus-multiple-times.html is a flaky failure
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/ChangeLog (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/ChangeLog 2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/imported/w3c/ChangeLog    2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -1,3 +1,21 @@
</span><ins>+2021-11-08  Patrick Griffis  <pgriffis@igalia.com>
+
+        Implement nonce-hiding
+        https://bugs.webkit.org/show_bug.cgi?id=179728
+
+        Reviewed by Chris Dumez.
+
+        Update all nonce-hiding expectations as passing.
+        Update reflection-misc as script.nonce not being reflected, this matches Chromiums results.
+
+        * web-platform-tests/content-security-policy/nonce-hiding/nonces-expected.txt:
+        * web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-expected.txt:
+        * web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub-expected.txt:
+        * web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt:
+        * web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt:
+        * web-platform-tests/html/dom/idlharness.https-expected.txt:
+        * web-platform-tests/html/dom/reflection-misc-expected.txt:
+
</ins><span class="cx"> 2021-11-08  Chris Dumez  <cdumez@apple.com>
</span><span class="cx"> 
</span><span class="cx">         Add abort reason to AbortSignal
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscontentsecuritypolicynoncehidingnoncesexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/nonces-expected.txt (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/nonces-expected.txt       2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/nonces-expected.txt  2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -1,20 +1,20 @@
</span><span class="cx"> 
</span><del>-FAIL Basic nonce tests for meh in HTML namespace assert_equals: Initial IDL attribute value expected (string) "" but got (undefined) undefined
-FAIL Ensure that removal of content attribute does not affect IDL attribute for meh in HTML namespace assert_equals: IDL attribute is modified after content attribute set expected (string) "x" but got (undefined) undefined
-FAIL Test empty nonces for meh in HTML namespace assert_equals: expected (string) "" but got (undefined) undefined
-FAIL Basic nonce tests for div in HTML namespace assert_equals: Initial IDL attribute value expected (string) "" but got (undefined) undefined
-FAIL Ensure that removal of content attribute does not affect IDL attribute for div in HTML namespace assert_equals: IDL attribute is modified after content attribute set expected (string) "x" but got (undefined) undefined
-FAIL Test empty nonces for div in HTML namespace assert_equals: expected (string) "" but got (undefined) undefined
-FAIL Basic nonce tests for script in HTML namespace assert_equals: Content attribute is changed after element insertion expected "" but got "x"
</del><ins>+PASS Basic nonce tests for meh in HTML namespace
+PASS Ensure that removal of content attribute does not affect IDL attribute for meh in HTML namespace
+PASS Test empty nonces for meh in HTML namespace
+PASS Basic nonce tests for div in HTML namespace
+PASS Ensure that removal of content attribute does not affect IDL attribute for div in HTML namespace
+PASS Test empty nonces for div in HTML namespace
+PASS Basic nonce tests for script in HTML namespace
</ins><span class="cx"> PASS Ensure that removal of content attribute does not affect IDL attribute for script in HTML namespace
</span><span class="cx"> PASS Test empty nonces for script in HTML namespace
</span><del>-FAIL Basic nonce tests for meh in SVG namespace assert_equals: Initial IDL attribute value expected (string) "" but got (undefined) undefined
-FAIL Ensure that removal of content attribute does not affect IDL attribute for meh in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected (string) "x" but got (undefined) undefined
-FAIL Test empty nonces for meh in SVG namespace assert_equals: expected (string) "" but got (undefined) undefined
-FAIL Basic nonce tests for svg in SVG namespace assert_equals: Initial IDL attribute value expected (string) "" but got (undefined) undefined
-FAIL Ensure that removal of content attribute does not affect IDL attribute for svg in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected (string) "x" but got (undefined) undefined
-FAIL Test empty nonces for svg in SVG namespace assert_equals: expected (string) "" but got (undefined) undefined
-FAIL Basic nonce tests for script in SVG namespace assert_equals: Initial IDL attribute value expected (string) "" but got (undefined) undefined
-FAIL Ensure that removal of content attribute does not affect IDL attribute for script in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected (string) "x" but got (undefined) undefined
-FAIL Test empty nonces for script in SVG namespace assert_equals: expected (string) "" but got (undefined) undefined
</del><ins>+PASS Basic nonce tests for meh in SVG namespace
+PASS Ensure that removal of content attribute does not affect IDL attribute for meh in SVG namespace
+PASS Test empty nonces for meh in SVG namespace
+PASS Basic nonce tests for svg in SVG namespace
+PASS Ensure that removal of content attribute does not affect IDL attribute for svg in SVG namespace
+PASS Test empty nonces for svg in SVG namespace
+PASS Basic nonce tests for script in SVG namespace
+PASS Ensure that removal of content attribute does not affect IDL attribute for script in SVG namespace
+PASS Test empty nonces for script in SVG namespace
</ins><span class="cx"> 
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscontentsecuritypolicynoncehidingscriptnonceshiddenexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-expected.txt (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-expected.txt 2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-expected.txt    2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -1,15 +1,14 @@
</span><span class="cx"> 
</span><del>-FAIL Reading 'nonce' content attribute and IDL attribute. assert_equals: expected Element node <script nonce="abc" id="testScript" executed="yay">
-  doc... but got null
-FAIL Cloned node retains nonce. assert_equals: expected "" but got "abc"
-FAIL Cloned node retains nonce when inserted. assert_equals: expected "" but got "abc"
</del><ins>+PASS Reading 'nonce' content attribute and IDL attribute.
+PASS Cloned node retains nonce.
+PASS Cloned node retains nonce when inserted.
</ins><span class="cx"> PASS Writing 'nonce' content attribute.
</span><del>-FAIL Writing 'nonce' IDL attribute. assert_equals: expected "foo" but got "bar"
</del><ins>+PASS Writing 'nonce' IDL attribute.
</ins><span class="cx"> PASS Document-written script executes.
</span><del>-FAIL Document-written script's nonce value. assert_equals: expected "" but got "abc"
-FAIL createElement.nonce. assert_equals: expected (object) null but got (string) "abc"
-FAIL setAttribute('nonce') overwrites '.nonce' upon insertion. assert_equals: expected "" but got "abc"
-FAIL createElement.setAttribute. assert_equals: Post-insertion content expected "" but got "abc"
-FAIL Custom elements expose the correct events. assert_object_equals: AttributeChanged 2 value is undefined, expected object
-FAIL Nonces don't leak via CSS side-channels. assert_equals: expected "none" but got "url(\"http://localhost:8800/security/resources/abe.png\")"
</del><ins>+PASS Document-written script's nonce value.
+PASS createElement.nonce.
+PASS setAttribute('nonce') overwrites '.nonce' upon insertion.
+PASS createElement.setAttribute.
+PASS Custom elements expose the correct events.
+PASS Nonces don't leak via CSS side-channels.
</ins><span class="cx"> 
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscontentsecuritypolicynoncehidingscriptnonceshiddenmetasubexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub-expected.txt (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub-expected.txt        2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/script-nonces-hidden-meta.sub-expected.txt   2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -3,10 +3,10 @@
</span><span class="cx"> PASS Cloned node retains nonce.
</span><span class="cx"> PASS Cloned node retains nonce when inserted.
</span><span class="cx"> PASS Writing 'nonce' content attribute.
</span><del>-FAIL Writing 'nonce' IDL attribute. assert_equals: expected "foo" but got "bar"
</del><ins>+PASS Writing 'nonce' IDL attribute.
</ins><span class="cx"> PASS Document-written script executes.
</span><span class="cx"> PASS Document-written script's nonce value.
</span><del>-FAIL createElement.nonce. assert_equals: expected (object) null but got (string) "abc"
</del><ins>+PASS createElement.nonce.
</ins><span class="cx"> PASS setAttribute('nonce') overwrites '.nonce' upon insertion.
</span><span class="cx"> PASS createElement.setAttribute.
</span><span class="cx"> PASS Nonces leak via CSS side-channels.
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscontentsecuritypolicynoncehidingsvgscriptnonceshiddenexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt      2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt 2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -1,13 +1,12 @@
</span><span class="cx"> 
</span><span class="cx"> 
</span><del>-FAIL Reading 'nonce' content attribute and IDL attribute. assert_equals: expected Element node <script nonce="abc" id="testScript" executed="yay">
-    d... but got null
-FAIL Cloned node retains nonce. assert_equals: IDL attribute expected (string) "abc" but got (undefined) undefined
-FAIL Cloned node retains nonce when inserted. assert_equals: expected (string) "abc" but got (undefined) undefined
-FAIL Writing 'nonce' content attribute. assert_equals: expected (string) "foo" but got (undefined) undefined
</del><ins>+PASS Reading 'nonce' content attribute and IDL attribute.
+PASS Cloned node retains nonce.
+PASS Cloned node retains nonce when inserted.
+PASS Writing 'nonce' content attribute.
</ins><span class="cx"> PASS Writing 'nonce' IDL attribute.
</span><span class="cx"> PASS Document-written script executes.
</span><del>-FAIL Document-written script's nonce value. assert_equals: expected "" but got "abc"
-FAIL createElement.nonce. assert_equals: expected (object) null but got (string) "abc"
-FAIL createElement.setAttribute. assert_equals: Post-insertion content expected "" but got "abc"
</del><ins>+PASS Document-written script's nonce value.
+PASS createElement.nonce.
+PASS createElement.setAttribute.
</ins><span class="cx"> 
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscontentsecuritypolicynoncehidingsvgscriptnonceshiddenmetasubexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt     2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt        2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -1,12 +1,12 @@
</span><span class="cx">  undefined
</span><span class="cx"> 
</span><del>-FAIL Reading 'nonce' content attribute and IDL attribute. assert_equals: expected (string) "abc" but got (undefined) undefined
-FAIL Cloned node retains nonce. assert_equals: IDL attribute expected (string) "abc" but got (undefined) undefined
-FAIL Cloned node retains nonce when inserted. assert_equals: expected (string) "abc" but got (undefined) undefined
-FAIL Writing 'nonce' content attribute. assert_equals: expected (string) "foo" but got (undefined) undefined
</del><ins>+PASS Reading 'nonce' content attribute and IDL attribute.
+PASS Cloned node retains nonce.
+PASS Cloned node retains nonce when inserted.
+PASS Writing 'nonce' content attribute.
</ins><span class="cx"> PASS Writing 'nonce' IDL attribute.
</span><span class="cx"> PASS Document-written script executes.
</span><del>-FAIL Document-written script's nonce value. assert_equals: expected (string) "abc" but got (undefined) undefined
</del><ins>+PASS Document-written script's nonce value.
</ins><span class="cx"> PASS createElement.nonce.
</span><span class="cx"> PASS createElement.setAttribute.
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmldomidlharnesshttpsexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt 2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt    2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -196,7 +196,7 @@
</span><span class="cx"> PASS HTMLElement interface: attribute isContentEditable
</span><span class="cx"> PASS HTMLElement interface: attribute inputMode
</span><span class="cx"> PASS HTMLElement interface: attribute dataset
</span><del>-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
</del><ins>+PASS HTMLElement interface: attribute nonce
</ins><span class="cx"> FAIL HTMLElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
</span><span class="cx"> PASS HTMLElement interface: attribute tabIndex
</span><span class="cx"> PASS HTMLElement interface: operation focus(FocusOptions)
</span><span class="lines">@@ -286,7 +286,7 @@
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "isContentEditable" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
</span><del>-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
</del><ins>+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
</ins><span class="cx"> FAIL HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type assert_inherits: property "autofocus" not found in prototype chain
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "focus(FocusOptions)" with the proper type
</span><span class="lines">@@ -5096,7 +5096,7 @@
</span><span class="cx"> PASS SVGElement interface: attribute oncut
</span><span class="cx"> PASS SVGElement interface: attribute onpaste
</span><span class="cx"> PASS SVGElement interface: attribute dataset
</span><del>-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
</del><ins>+PASS SVGElement interface: attribute nonce
</ins><span class="cx"> FAIL SVGElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
</span><span class="cx"> PASS SVGElement interface: attribute tabIndex
</span><span class="cx"> PASS SVGElement interface: operation focus(FocusOptions)
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmldomreflectionmiscexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt  2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt     2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -967,23 +967,23 @@
</span><span class="cx"> PASS script.nonce: setAttribute() to null
</span><span class="cx"> PASS script.nonce: setAttribute() to object "test-toString"
</span><span class="cx"> PASS script.nonce: setAttribute() to object "test-valueOf"
</span><del>-PASS script.nonce: IDL set to ""
-PASS script.nonce: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo "
-PASS script.nonce: IDL set to undefined
-PASS script.nonce: IDL set to 7
-PASS script.nonce: IDL set to 1.5
-PASS script.nonce: IDL set to "5%"
-PASS script.nonce: IDL set to "+100"
-PASS script.nonce: IDL set to ".5"
-PASS script.nonce: IDL set to true
-PASS script.nonce: IDL set to false
-PASS script.nonce: IDL set to object "[object Object]"
-PASS script.nonce: IDL set to NaN
-PASS script.nonce: IDL set to Infinity
-PASS script.nonce: IDL set to -Infinity
-PASS script.nonce: IDL set to "\0"
-PASS script.nonce: IDL set to null
-PASS script.nonce: IDL set to object "test-toString"
</del><ins>+FAIL script.nonce: IDL set to "" assert_equals: getAttribute() expected "" but got "test-valueOf"
+FAIL script.nonce: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo " assert_equals: getAttribute() expected " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo " but got "test-valueOf"
+FAIL script.nonce: IDL set to undefined assert_equals: getAttribute() expected "undefined" but got "test-valueOf"
+FAIL script.nonce: IDL set to 7 assert_equals: getAttribute() expected "7" but got "test-valueOf"
+FAIL script.nonce: IDL set to 1.5 assert_equals: getAttribute() expected "1.5" but got "test-valueOf"
+FAIL script.nonce: IDL set to "5%" assert_equals: getAttribute() expected "5%" but got "test-valueOf"
+FAIL script.nonce: IDL set to "+100" assert_equals: getAttribute() expected "+100" but got "test-valueOf"
+FAIL script.nonce: IDL set to ".5" assert_equals: getAttribute() expected ".5" but got "test-valueOf"
+FAIL script.nonce: IDL set to true assert_equals: getAttribute() expected "true" but got "test-valueOf"
+FAIL script.nonce: IDL set to false assert_equals: getAttribute() expected "false" but got "test-valueOf"
+FAIL script.nonce: IDL set to object "[object Object]" assert_equals: getAttribute() expected "[object Object]" but got "test-valueOf"
+FAIL script.nonce: IDL set to NaN assert_equals: getAttribute() expected "NaN" but got "test-valueOf"
+FAIL script.nonce: IDL set to Infinity assert_equals: getAttribute() expected "Infinity" but got "test-valueOf"
+FAIL script.nonce: IDL set to -Infinity assert_equals: getAttribute() expected "-Infinity" but got "test-valueOf"
+FAIL script.nonce: IDL set to "\0" assert_equals: getAttribute() expected "\0" but got "test-valueOf"
+FAIL script.nonce: IDL set to null assert_equals: getAttribute() expected "null" but got "test-valueOf"
+FAIL script.nonce: IDL set to object "test-toString" assert_equals: getAttribute() expected "test-toString" but got "test-valueOf"
</ins><span class="cx"> PASS script.nonce: IDL set to object "test-valueOf"
</span><span class="cx"> PASS script.integrity: typeof IDL attribute
</span><span class="cx"> PASS script.integrity: IDL get with DOM attribute unset
</span></span></pre></div>
<a id="trunkLayoutTestsplatformgtkimportedw3cwebplatformtestshtmldomidlharnesshttpsexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/gtk/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/gtk/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt    2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/platform/gtk/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt       2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -334,7 +334,7 @@
</span><span class="cx"> PASS HTMLElement interface: attribute isContentEditable
</span><span class="cx"> PASS HTMLElement interface: attribute inputMode
</span><span class="cx"> PASS HTMLElement interface: attribute dataset
</span><del>-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
</del><ins>+PASS HTMLElement interface: attribute nonce
</ins><span class="cx"> PASS HTMLElement interface: attribute autofocus
</span><span class="cx"> PASS HTMLElement interface: attribute tabIndex
</span><span class="cx"> PASS HTMLElement interface: operation focus(optional FocusOptions)
</span><span class="lines">@@ -429,7 +429,7 @@
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "isContentEditable" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
</span><del>-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
</del><ins>+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
</ins><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "focus(optional FocusOptions)" with the proper type
</span><span class="lines">@@ -5335,7 +5335,7 @@
</span><span class="cx"> PASS SVGElement interface: attribute oncut
</span><span class="cx"> PASS SVGElement interface: attribute onpaste
</span><span class="cx"> PASS SVGElement interface: attribute dataset
</span><del>-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
</del><ins>+PASS SVGElement interface: attribute nonce
</ins><span class="cx"> PASS SVGElement interface: attribute autofocus
</span><span class="cx"> PASS SVGElement interface: attribute tabIndex
</span><span class="cx"> PASS SVGElement interface: operation focus(optional FocusOptions)
</span></span></pre></div>
<a id="trunkLayoutTestsplatformioswk2importedw3cwebplatformtestshtmldomidlharnesshttpsexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt        2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt   2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -334,7 +334,7 @@
</span><span class="cx"> PASS HTMLElement interface: attribute isContentEditable
</span><span class="cx"> PASS HTMLElement interface: attribute inputMode
</span><span class="cx"> PASS HTMLElement interface: attribute dataset
</span><del>-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
</del><ins>+PASS HTMLElement interface: attribute nonce
</ins><span class="cx"> FAIL HTMLElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
</span><span class="cx"> PASS HTMLElement interface: attribute tabIndex
</span><span class="cx"> PASS HTMLElement interface: operation focus(optional FocusOptions)
</span><span class="lines">@@ -429,7 +429,7 @@
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "isContentEditable" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
</span><del>-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
</del><ins>+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
</ins><span class="cx"> FAIL HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type assert_inherits: property "autofocus" not found in prototype chain
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "focus(optional FocusOptions)" with the proper type
</span><span class="lines">@@ -5325,7 +5325,7 @@
</span><span class="cx"> PASS SVGElement interface: attribute oncut
</span><span class="cx"> PASS SVGElement interface: attribute onpaste
</span><span class="cx"> PASS SVGElement interface: attribute dataset
</span><del>-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
</del><ins>+PASS SVGElement interface: attribute nonce
</ins><span class="cx"> FAIL SVGElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
</span><span class="cx"> PASS SVGElement interface: attribute tabIndex
</span><span class="cx"> PASS SVGElement interface: operation focus(optional FocusOptions)
</span></span></pre></div>
<a id="trunkLayoutTestsplatformioswk2importedw3cwebplatformtestshtmldomreflectionmiscexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt 2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt    2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -967,23 +967,23 @@
</span><span class="cx"> PASS script.nonce: setAttribute() to null
</span><span class="cx"> PASS script.nonce: setAttribute() to object "test-toString"
</span><span class="cx"> PASS script.nonce: setAttribute() to object "test-valueOf"
</span><del>-PASS script.nonce: IDL set to ""
-PASS script.nonce: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo "
-PASS script.nonce: IDL set to undefined
-PASS script.nonce: IDL set to 7
-PASS script.nonce: IDL set to 1.5
-PASS script.nonce: IDL set to "5%"
-PASS script.nonce: IDL set to "+100"
-PASS script.nonce: IDL set to ".5"
-PASS script.nonce: IDL set to true
-PASS script.nonce: IDL set to false
-PASS script.nonce: IDL set to object "[object Object]"
-PASS script.nonce: IDL set to NaN
-PASS script.nonce: IDL set to Infinity
-PASS script.nonce: IDL set to -Infinity
-PASS script.nonce: IDL set to "\0"
-PASS script.nonce: IDL set to null
-PASS script.nonce: IDL set to object "test-toString"
</del><ins>+FAIL script.nonce: IDL set to "" assert_equals: getAttribute() expected "" but got "test-valueOf"
+FAIL script.nonce: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo " assert_equals: getAttribute() expected " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo " but got "test-valueOf"
+FAIL script.nonce: IDL set to undefined assert_equals: getAttribute() expected "undefined" but got "test-valueOf"
+FAIL script.nonce: IDL set to 7 assert_equals: getAttribute() expected "7" but got "test-valueOf"
+FAIL script.nonce: IDL set to 1.5 assert_equals: getAttribute() expected "1.5" but got "test-valueOf"
+FAIL script.nonce: IDL set to "5%" assert_equals: getAttribute() expected "5%" but got "test-valueOf"
+FAIL script.nonce: IDL set to "+100" assert_equals: getAttribute() expected "+100" but got "test-valueOf"
+FAIL script.nonce: IDL set to ".5" assert_equals: getAttribute() expected ".5" but got "test-valueOf"
+FAIL script.nonce: IDL set to true assert_equals: getAttribute() expected "true" but got "test-valueOf"
+FAIL script.nonce: IDL set to false assert_equals: getAttribute() expected "false" but got "test-valueOf"
+FAIL script.nonce: IDL set to object "[object Object]" assert_equals: getAttribute() expected "[object Object]" but got "test-valueOf"
+FAIL script.nonce: IDL set to NaN assert_equals: getAttribute() expected "NaN" but got "test-valueOf"
+FAIL script.nonce: IDL set to Infinity assert_equals: getAttribute() expected "Infinity" but got "test-valueOf"
+FAIL script.nonce: IDL set to -Infinity assert_equals: getAttribute() expected "-Infinity" but got "test-valueOf"
+FAIL script.nonce: IDL set to "\0" assert_equals: getAttribute() expected "\0" but got "test-valueOf"
+FAIL script.nonce: IDL set to null assert_equals: getAttribute() expected "null" but got "test-valueOf"
+FAIL script.nonce: IDL set to object "test-toString" assert_equals: getAttribute() expected "test-toString" but got "test-valueOf"
</ins><span class="cx"> PASS script.nonce: IDL set to object "test-valueOf"
</span><span class="cx"> PASS script.integrity: typeof IDL attribute
</span><span class="cx"> PASS script.integrity: IDL get with DOM attribute unset
</span></span></pre></div>
<a id="trunkLayoutTestsplatformipadimportedw3cwebplatformtestshtmldomidlharnesshttpsexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/ipad/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/ipad/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt   2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/platform/ipad/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt      2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -334,7 +334,7 @@
</span><span class="cx"> PASS HTMLElement interface: attribute isContentEditable
</span><span class="cx"> PASS HTMLElement interface: attribute inputMode
</span><span class="cx"> PASS HTMLElement interface: attribute dataset
</span><del>-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
</del><ins>+PASS HTMLElement interface: attribute nonce
</ins><span class="cx"> FAIL HTMLElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
</span><span class="cx"> PASS HTMLElement interface: attribute tabIndex
</span><span class="cx"> PASS HTMLElement interface: operation focus(optional FocusOptions)
</span><span class="lines">@@ -429,7 +429,7 @@
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "isContentEditable" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
</span><del>-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
</del><ins>+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
</ins><span class="cx"> FAIL HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type assert_inherits: property "autofocus" not found in prototype chain
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "focus(optional FocusOptions)" with the proper type
</span><span class="lines">@@ -5335,7 +5335,7 @@
</span><span class="cx"> PASS SVGElement interface: attribute oncut
</span><span class="cx"> PASS SVGElement interface: attribute onpaste
</span><span class="cx"> PASS SVGElement interface: attribute dataset
</span><del>-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
</del><ins>+PASS SVGElement interface: attribute nonce
</ins><span class="cx"> FAIL SVGElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
</span><span class="cx"> PASS SVGElement interface: attribute tabIndex
</span><span class="cx"> PASS SVGElement interface: operation focus(optional FocusOptions)
</span></span></pre></div>
<a id="trunkLayoutTestsplatformmacwk1importedw3cwebplatformtestshtmldomidlharnesshttpsexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt        2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt   2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -336,7 +336,7 @@
</span><span class="cx"> PASS HTMLElement interface: attribute isContentEditable
</span><span class="cx"> PASS HTMLElement interface: attribute inputMode
</span><span class="cx"> PASS HTMLElement interface: attribute dataset
</span><del>-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
</del><ins>+PASS HTMLElement interface: attribute nonce
</ins><span class="cx"> PASS HTMLElement interface: attribute autofocus
</span><span class="cx"> PASS HTMLElement interface: attribute tabIndex
</span><span class="cx"> PASS HTMLElement interface: operation focus(optional FocusOptions)
</span><span class="lines">@@ -433,7 +433,7 @@
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "isContentEditable" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
</span><del>-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
</del><ins>+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
</ins><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "focus(optional FocusOptions)" with the proper type
</span><span class="lines">@@ -5372,7 +5372,7 @@
</span><span class="cx"> PASS SVGElement interface: attribute oncut
</span><span class="cx"> PASS SVGElement interface: attribute onpaste
</span><span class="cx"> PASS SVGElement interface: attribute dataset
</span><del>-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
</del><ins>+PASS SVGElement interface: attribute nonce
</ins><span class="cx"> PASS SVGElement interface: attribute autofocus
</span><span class="cx"> PASS SVGElement interface: attribute tabIndex
</span><span class="cx"> PASS SVGElement interface: operation focus(optional FocusOptions)
</span></span></pre></div>
<a id="trunkLayoutTestsplatformmacwk2importedw3cwebplatformtestshtmldomidlharnesshttpsexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt        2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt   2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -334,7 +334,7 @@
</span><span class="cx"> PASS HTMLElement interface: attribute isContentEditable
</span><span class="cx"> PASS HTMLElement interface: attribute inputMode
</span><span class="cx"> PASS HTMLElement interface: attribute dataset
</span><del>-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
</del><ins>+PASS HTMLElement interface: attribute nonce
</ins><span class="cx"> PASS HTMLElement interface: attribute autofocus
</span><span class="cx"> PASS HTMLElement interface: attribute tabIndex
</span><span class="cx"> PASS HTMLElement interface: operation focus(optional FocusOptions)
</span><span class="lines">@@ -429,7 +429,7 @@
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "isContentEditable" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
</span><del>-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
</del><ins>+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
</ins><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "focus(optional FocusOptions)" with the proper type
</span><span class="lines">@@ -5335,7 +5335,7 @@
</span><span class="cx"> PASS SVGElement interface: attribute oncut
</span><span class="cx"> PASS SVGElement interface: attribute onpaste
</span><span class="cx"> PASS SVGElement interface: attribute dataset
</span><del>-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
</del><ins>+PASS SVGElement interface: attribute nonce
</ins><span class="cx"> PASS SVGElement interface: attribute autofocus
</span><span class="cx"> PASS SVGElement interface: attribute tabIndex
</span><span class="cx"> PASS SVGElement interface: operation focus(optional FocusOptions)
</span></span></pre></div>
<a id="trunkLayoutTestsplatformmacwk2importedw3cwebplatformtestshtmldomreflectionmiscexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt 2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/platform/mac-wk2/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt    2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -967,23 +967,23 @@
</span><span class="cx"> PASS script.nonce: setAttribute() to null
</span><span class="cx"> PASS script.nonce: setAttribute() to object "test-toString"
</span><span class="cx"> PASS script.nonce: setAttribute() to object "test-valueOf"
</span><del>-PASS script.nonce: IDL set to ""
-PASS script.nonce: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo "
-PASS script.nonce: IDL set to undefined
-PASS script.nonce: IDL set to 7
-PASS script.nonce: IDL set to 1.5
-PASS script.nonce: IDL set to "5%"
-PASS script.nonce: IDL set to "+100"
-PASS script.nonce: IDL set to ".5"
-PASS script.nonce: IDL set to true
-PASS script.nonce: IDL set to false
-PASS script.nonce: IDL set to object "[object Object]"
-PASS script.nonce: IDL set to NaN
-PASS script.nonce: IDL set to Infinity
-PASS script.nonce: IDL set to -Infinity
-PASS script.nonce: IDL set to "\0"
-PASS script.nonce: IDL set to null
-PASS script.nonce: IDL set to object "test-toString"
</del><ins>+FAIL script.nonce: IDL set to "" assert_equals: getAttribute() expected "" but got "test-valueOf"
+FAIL script.nonce: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo " assert_equals: getAttribute() expected " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f  foo " but got "test-valueOf"
+FAIL script.nonce: IDL set to undefined assert_equals: getAttribute() expected "undefined" but got "test-valueOf"
+FAIL script.nonce: IDL set to 7 assert_equals: getAttribute() expected "7" but got "test-valueOf"
+FAIL script.nonce: IDL set to 1.5 assert_equals: getAttribute() expected "1.5" but got "test-valueOf"
+FAIL script.nonce: IDL set to "5%" assert_equals: getAttribute() expected "5%" but got "test-valueOf"
+FAIL script.nonce: IDL set to "+100" assert_equals: getAttribute() expected "+100" but got "test-valueOf"
+FAIL script.nonce: IDL set to ".5" assert_equals: getAttribute() expected ".5" but got "test-valueOf"
+FAIL script.nonce: IDL set to true assert_equals: getAttribute() expected "true" but got "test-valueOf"
+FAIL script.nonce: IDL set to false assert_equals: getAttribute() expected "false" but got "test-valueOf"
+FAIL script.nonce: IDL set to object "[object Object]" assert_equals: getAttribute() expected "[object Object]" but got "test-valueOf"
+FAIL script.nonce: IDL set to NaN assert_equals: getAttribute() expected "NaN" but got "test-valueOf"
+FAIL script.nonce: IDL set to Infinity assert_equals: getAttribute() expected "Infinity" but got "test-valueOf"
+FAIL script.nonce: IDL set to -Infinity assert_equals: getAttribute() expected "-Infinity" but got "test-valueOf"
+FAIL script.nonce: IDL set to "\0" assert_equals: getAttribute() expected "\0" but got "test-valueOf"
+FAIL script.nonce: IDL set to null assert_equals: getAttribute() expected "null" but got "test-valueOf"
+FAIL script.nonce: IDL set to object "test-toString" assert_equals: getAttribute() expected "test-toString" but got "test-valueOf"
</ins><span class="cx"> PASS script.nonce: IDL set to object "test-valueOf"
</span><span class="cx"> PASS script.integrity: typeof IDL attribute
</span><span class="cx"> PASS script.integrity: IDL get with DOM attribute unset
</span></span></pre></div>
<a id="trunkLayoutTestsplatformwpeimportedw3cwebplatformtestshtmldomidlharnesshttpsexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/wpe/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/wpe/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt    2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/LayoutTests/platform/wpe/imported/w3c/web-platform-tests/html/dom/idlharness.https-expected.txt       2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -334,7 +334,7 @@
</span><span class="cx"> PASS HTMLElement interface: attribute isContentEditable
</span><span class="cx"> PASS HTMLElement interface: attribute inputMode
</span><span class="cx"> PASS HTMLElement interface: attribute dataset
</span><del>-FAIL HTMLElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
</del><ins>+PASS HTMLElement interface: attribute nonce
</ins><span class="cx"> FAIL HTMLElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
</span><span class="cx"> PASS HTMLElement interface: attribute tabIndex
</span><span class="cx"> PASS HTMLElement interface: operation focus(optional FocusOptions)
</span><span class="lines">@@ -429,7 +429,7 @@
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "isContentEditable" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "inputMode" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "dataset" with the proper type
</span><del>-FAIL HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type assert_inherits: property "nonce" not found in prototype chain
</del><ins>+PASS HTMLElement interface: document.createElement("noscript") must inherit property "nonce" with the proper type
</ins><span class="cx"> FAIL HTMLElement interface: document.createElement("noscript") must inherit property "autofocus" with the proper type assert_inherits: property "autofocus" not found in prototype chain
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "tabIndex" with the proper type
</span><span class="cx"> PASS HTMLElement interface: document.createElement("noscript") must inherit property "focus(optional FocusOptions)" with the proper type
</span><span class="lines">@@ -5335,7 +5335,7 @@
</span><span class="cx"> PASS SVGElement interface: attribute oncut
</span><span class="cx"> PASS SVGElement interface: attribute onpaste
</span><span class="cx"> PASS SVGElement interface: attribute dataset
</span><del>-FAIL SVGElement interface: attribute nonce assert_true: The prototype object must have a property "nonce" expected true got false
</del><ins>+PASS SVGElement interface: attribute nonce
</ins><span class="cx"> FAIL SVGElement interface: attribute autofocus assert_true: The prototype object must have a property "autofocus" expected true got false
</span><span class="cx"> PASS SVGElement interface: attribute tabIndex
</span><span class="cx"> PASS SVGElement interface: operation focus(optional FocusOptions)
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog   2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/ChangeLog      2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -1,3 +1,47 @@
</span><ins>+2021-11-08  Patrick Griffis  <pgriffis@igalia.com>
+
+        Implement nonce-hiding
+        https://bugs.webkit.org/show_bug.cgi?id=179728
+
+        Reviewed by Chris Dumez.
+
+        This is a hardening technique implemented by both Firefox and Chromium.
+
+        The behavior is documented here: https://html.spec.whatwg.org/multipage/urls-and-fetching.html#nonce-attributes
+
+        * dom/Element.cpp:
+        (WebCore::Element::nonce const):
+        (WebCore::Element::setNonce):
+        (WebCore::Element::hideNonce):
+        (WebCore::Element::attributeChanged):
+        (WebCore::Element::cloneAttributesFromElement):
+        * dom/Element.h:
+        * dom/ElementRareData.cpp:
+        * dom/ElementRareData.h:
+        (WebCore::ElementRareData::nonce const):
+        (WebCore::ElementRareData::setNonce):
+        (WebCore::ElementRareData::useTypes const):
+        * dom/InlineClassicScript.cpp:
+        (WebCore::InlineClassicScript::create):
+        * dom/InlineStyleSheetOwner.cpp:
+        (WebCore::InlineStyleSheetOwner::createSheet):
+        * dom/NodeRareData.h:
+        * dom/ScriptElement.cpp:
+        (WebCore::ScriptElement::requestClassicScript):
+        (WebCore::ScriptElement::requestModuleScript):
+        (WebCore::ScriptElement::executeClassicScript):
+        * html/HTMLElement.cpp:
+        (WebCore::HTMLElement::insertedIntoAncestor):
+        * html/HTMLElement.h:
+        * html/HTMLOrForeignElement.idl:
+        * html/HTMLScriptElement.idl:
+        * page/csp/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::didReceiveHeader):
+        * page/csp/ContentSecurityPolicy.h:
+        (WebCore::ContentSecurityPolicy::isHeaderDelivered const):
+        * svg/SVGElement.cpp:
+        (WebCore::SVGElement::insertedIntoAncestor):
+
</ins><span class="cx"> 2021-11-08  J Pascoe  <j_pascoe@apple.com>
</span><span class="cx"> 
</span><span class="cx">         [WebAuthn] challenge does not get passed to -[_WKWebAuthenticationPanel getAssertionWithChallenge:origin:options:completionHandler:]
</span></span></pre></div>
<a id="trunkSourceWebCoredomElementcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/Element.cpp (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/Element.cpp     2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/dom/Element.cpp        2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -314,6 +314,38 @@
</span><span class="cx">     return -1;
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+const AtomString& Element::nonce() const
+{
+    return hasRareData() ? elementRareData()->nonce() : emptyAtom();
+}
+
+void Element::setNonce(const AtomString& newValue)
+{
+    if (newValue == emptyAtom() && !hasRareData())
+        return;
+
+    ensureElementRareData().setNonce(newValue);
+}
+
+void Element::hideNonce()
+{
+    // https://html.spec.whatwg.org/multipage/urls-and-fetching.html#nonce-attributes
+    if (!isConnected())
+        return;
+
+    const auto& csp = document().contentSecurityPolicy();
+    if (!csp->isHeaderDelivered())
+        return;
+
+    // Retain previous IDL nonce.
+    AtomString currentNonce = nonce();
+
+    if (!getAttribute(nonceAttr).isEmpty())
+        setAttribute(nonceAttr, emptyAtom());
+
+    setNonce(currentNonce);
+}
+
</ins><span class="cx"> bool Element::supportsFocus() const
</span><span class="cx"> {
</span><span class="cx">     return !!tabIndexSetExplicitly();
</span><span class="lines">@@ -1860,7 +1892,10 @@
</span><span class="cx">                 treeScope().idTargetObserverRegistry().notifyObservers(*newValue.impl());
</span><span class="cx">         } else if (name == HTMLNames::nameAttr)
</span><span class="cx">             elementData()->setHasNameAttribute(!newValue.isNull());
</span><del>-        else if (name == HTMLNames::pseudoAttr) {
</del><ins>+        else if (name == HTMLNames::nonceAttr) {
+            if (is<HTMLElement>(*this) || is<SVGElement>(*this))
+                setNonce(newValue.isNull() ? emptyAtom() : newValue);
+        } else if (name == HTMLNames::pseudoAttr) {
</ins><span class="cx">             if (needsStyleInvalidation() && isInShadowTree())
</span><span class="cx">                 invalidateStyleForSubtree();
</span><span class="cx">         } else if (name == HTMLNames::slotAttr) {
</span><span class="lines">@@ -4483,6 +4518,8 @@
</span><span class="cx"> 
</span><span class="cx">     for (const Attribute& attribute : attributesIterator())
</span><span class="cx">         attributeChanged(attribute.name(), nullAtom(), attribute.value(), ModifiedByCloning);
</span><ins>+
+    setNonce(other.nonce());
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void Element::cloneDataFromElement(const Element& other)
</span></span></pre></div>
<a id="trunkSourceWebCoredomElementh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/Element.h (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/Element.h       2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/dom/Element.h  2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -359,6 +359,11 @@
</span><span class="cx">     WEBCORE_EXPORT void setTabIndexForBindings(int);
</span><span class="cx">     virtual RefPtr<Element> focusDelegate();
</span><span class="cx"> 
</span><ins>+    // Used by the HTMLElement and SVGElement IDLs.
+    WEBCORE_EXPORT const AtomString& nonce() const;
+    WEBCORE_EXPORT void setNonce(const AtomString&);
+    void hideNonce();
+
</ins><span class="cx">     ExceptionOr<void> insertAdjacentHTML(const String& where, const String& html, NodeVector* addedNodes);
</span><span class="cx"> 
</span><span class="cx">     WEBCORE_EXPORT ExceptionOr<Element*> insertAdjacentElement(const String& where, Element& newChild);
</span></span></pre></div>
<a id="trunkSourceWebCoredomElementRareDatacpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/ElementRareData.cpp (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/ElementRareData.cpp     2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/dom/ElementRareData.cpp        2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -37,7 +37,7 @@
</span><span class="cx">     LayoutSize sizeForResizing;
</span><span class="cx">     IntPoint savedLayerScrollPosition;
</span><span class="cx">     Vector<std::unique_ptr<ElementAnimationRareData>> animationRareData;
</span><del>-    void* pointers[10];
</del><ins>+    void* pointers[11];
</ins><span class="cx">     void* intersectionObserverData;
</span><span class="cx"> #if ENABLE(CSS_TYPED_OM)
</span><span class="cx">     void* typedOMData;
</span></span></pre></div>
<a id="trunkSourceWebCoredomElementRareDatah"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/ElementRareData.h (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/ElementRareData.h       2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/dom/ElementRareData.h  2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -103,6 +103,9 @@
</span><span class="cx">     ResizeObserverData* resizeObserverData() { return m_resizeObserverData.get(); }
</span><span class="cx">     void setResizeObserverData(std::unique_ptr<ResizeObserverData>&& data) { m_resizeObserverData = WTFMove(data); }
</span><span class="cx"> 
</span><ins>+    const AtomString& nonce() const { return m_nonce; }
+    void setNonce(const AtomString& value) { m_nonce = value; }
+
</ins><span class="cx"> #if ENABLE(CSS_TYPED_OM)
</span><span class="cx">     StylePropertyMap* attributeStyleMap() { return m_attributeStyleMap.get(); }
</span><span class="cx">     void setAttributeStyleMap(Ref<StylePropertyMap>&& map) { m_attributeStyleMap = WTFMove(map); }
</span><span class="lines">@@ -146,6 +149,8 @@
</span><span class="cx">             result.add(UseType::PartList);
</span><span class="cx">         if (!m_partNames.isEmpty())
</span><span class="cx">             result.add(UseType::PartNames);
</span><ins>+        if (m_nonce)
+            result.add(UseType::Nonce);
</ins><span class="cx">         return result;
</span><span class="cx">     }
</span><span class="cx"> #endif
</span><span class="lines">@@ -177,6 +182,8 @@
</span><span class="cx">     std::unique_ptr<DOMTokenList> m_partList;
</span><span class="cx">     SpaceSplitString m_partNames;
</span><span class="cx"> 
</span><ins>+    AtomString m_nonce;
+
</ins><span class="cx">     void releasePseudoElement(PseudoElement*);
</span><span class="cx"> };
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceWebCoredomInlineClassicScriptcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/InlineClassicScript.cpp (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/InlineClassicScript.cpp 2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/dom/InlineClassicScript.cpp    2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -36,7 +36,7 @@
</span><span class="cx"> {
</span><span class="cx">     auto& element = scriptElement.element();
</span><span class="cx">     return adoptRef(*new InlineClassicScript(
</span><del>-        element.attributeWithoutSynchronization(HTMLNames::nonceAttr),
</del><ins>+        element.nonce(),
</ins><span class="cx">         element.attributeWithoutSynchronization(HTMLNames::crossoriginAttr),
</span><span class="cx">         scriptElement.scriptCharset(),
</span><span class="cx">         element.localName(),
</span></span></pre></div>
<a id="trunkSourceWebCoredomInlineStyleSheetOwnercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/InlineStyleSheetOwner.cpp (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/InlineStyleSheetOwner.cpp       2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/dom/InlineStyleSheetOwner.cpp  2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -168,7 +168,7 @@
</span><span class="cx"> 
</span><span class="cx">     ASSERT(document.contentSecurityPolicy());
</span><span class="cx">     const ContentSecurityPolicy& contentSecurityPolicy = *document.contentSecurityPolicy();
</span><del>-    bool hasKnownNonce = contentSecurityPolicy.allowStyleWithNonce(element.attributeWithoutSynchronization(HTMLNames::nonceAttr), element.isInUserAgentShadowTree());
</del><ins>+    bool hasKnownNonce = contentSecurityPolicy.allowStyleWithNonce(element.nonce(), element.isInUserAgentShadowTree());
</ins><span class="cx">     if (!contentSecurityPolicy.allowInlineStyle(document.url().string(), m_startTextPosition.m_line, text, CheckUnsafeHashes::No, hasKnownNonce))
</span><span class="cx">         return;
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceWebCoredomNodeRareDatah"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/NodeRareData.h (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/NodeRareData.h  2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/dom/NodeRareData.h     2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -263,6 +263,7 @@
</span><span class="cx">         StyleMap = 1 << 15,
</span><span class="cx">         PartList = 1 << 16,
</span><span class="cx">         PartNames = 1 << 17,
</span><ins>+        Nonce = 1 << 18,
</ins><span class="cx">     };
</span><span class="cx"> #endif
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceWebCoredomScriptElementcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/ScriptElement.cpp (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/ScriptElement.cpp       2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/dom/ScriptElement.cpp  2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -291,7 +291,7 @@
</span><span class="cx">     ASSERT(!m_loadableScript);
</span><span class="cx">     if (!stripLeadingAndTrailingHTMLSpaces(sourceURL).isEmpty()) {
</span><span class="cx">         auto script = LoadableClassicScript::create(
</span><del>-            m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr),
</del><ins>+            m_element.nonce(),
</ins><span class="cx">             m_element.document().settings().subresourceIntegrityEnabled() ? m_element.attributeWithoutSynchronization(HTMLNames::integrityAttr).string() : emptyString(),
</span><span class="cx">             referrerPolicy(),
</span><span class="cx">             m_element.attributeWithoutSynchronization(HTMLNames::crossoriginAttr),
</span><span class="lines">@@ -304,7 +304,7 @@
</span><span class="cx">         m_element.document().willLoadScriptElement(scriptURL);
</span><span class="cx"> 
</span><span class="cx">         const auto& contentSecurityPolicy = *m_element.document().contentSecurityPolicy();
</span><del>-        if (!contentSecurityPolicy.allowNonParserInsertedScripts(scriptURL, m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr), String(), m_parserInserted))
</del><ins>+        if (!contentSecurityPolicy.allowNonParserInsertedScripts(scriptURL, m_element.nonce(), String(), m_parserInserted))
</ins><span class="cx">             return false;
</span><span class="cx"> 
</span><span class="cx">         if (script->load(m_element.document(), scriptURL)) {
</span><span class="lines">@@ -326,7 +326,7 @@
</span><span class="cx"> {
</span><span class="cx">     // https://html.spec.whatwg.org/multipage/urls-and-fetching.html#cors-settings-attributes
</span><span class="cx">     // Module is always CORS request. If attribute is not given, it should be same-origin credential.
</span><del>-    String nonce = m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr);
</del><ins>+    String nonce = m_element.nonce();
</ins><span class="cx">     String crossOriginMode = m_element.attributeWithoutSynchronization(HTMLNames::crossoriginAttr);
</span><span class="cx">     if (crossOriginMode.isNull())
</span><span class="cx">         crossOriginMode = ScriptElementCachedScriptFetcher::defaultCrossOriginModeForModule;
</span><span class="lines">@@ -397,10 +397,10 @@
</span><span class="cx">     if (!m_isExternalScript) {
</span><span class="cx">         ASSERT(m_element.document().contentSecurityPolicy());
</span><span class="cx">         const ContentSecurityPolicy& contentSecurityPolicy = *m_element.document().contentSecurityPolicy();
</span><del>-        if (!contentSecurityPolicy.allowNonParserInsertedScripts(m_element.document().url(), m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr), sourceCode.source(), m_parserInserted))
</del><ins>+        if (!contentSecurityPolicy.allowNonParserInsertedScripts(m_element.document().url(), m_element.nonce(), sourceCode.source(), m_parserInserted))
</ins><span class="cx">             return;
</span><span class="cx"> 
</span><del>-        bool hasKnownNonce = contentSecurityPolicy.allowScriptWithNonce(m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr), m_element.isInUserAgentShadowTree());
</del><ins>+        bool hasKnownNonce = contentSecurityPolicy.allowScriptWithNonce(m_element.nonce(), m_element.isInUserAgentShadowTree());
</ins><span class="cx">         if (!contentSecurityPolicy.allowInlineScript(m_element.document().url().string(), m_startLineNumber, sourceCode.source(), hasKnownNonce))
</span><span class="cx">             return;
</span><span class="cx">     }
</span></span></pre></div>
<a id="trunkSourceWebCorehtmlHTMLElementcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/html/HTMLElement.cpp (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/html/HTMLElement.cpp        2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/html/HTMLElement.cpp   2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -499,6 +499,13 @@
</span><span class="cx">         setAttributeEventListener(eventName, name, value);
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+Node::InsertedIntoAncestorResult HTMLElement::insertedIntoAncestor(InsertionType insertionType, ContainerNode& containerNode)
+{
+    auto result = Element::insertedIntoAncestor(insertionType, containerNode);
+    hideNonce();
+    return result;
+}
+
</ins><span class="cx"> static Ref<DocumentFragment> textToFragment(Document& document, const String& text)
</span><span class="cx"> {
</span><span class="cx">     auto fragment = DocumentFragment::create(document);
</span></span></pre></div>
<a id="trunkSourceWebCorehtmlHTMLElementh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/html/HTMLElement.h (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/html/HTMLElement.h  2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/html/HTMLElement.h     2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -166,6 +166,7 @@
</span><span class="cx"> 
</span><span class="cx">     bool matchesReadWritePseudoClass() const override;
</span><span class="cx">     void parseAttribute(const QualifiedName&, const AtomString&) override;
</span><ins>+    Node::InsertedIntoAncestorResult insertedIntoAncestor(InsertionType , ContainerNode& parentOfInsertedTree) override;
</ins><span class="cx">     bool hasPresentationalHintsForAttribute(const QualifiedName&) const override;
</span><span class="cx">     void collectPresentationalHintsForAttribute(const QualifiedName&, const AtomString&, MutableStyleProperties&) override;
</span><span class="cx">     unsigned parseBorderWidthAttribute(const AtomString&) const;
</span></span></pre></div>
<a id="trunkSourceWebCorehtmlHTMLOrForeignElementidl"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/html/HTMLOrForeignElement.idl (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/html/HTMLOrForeignElement.idl       2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/html/HTMLOrForeignElement.idl  2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -28,8 +28,7 @@
</span><span class="cx"> // https://github.com/whatwg/html/issues/4702
</span><span class="cx"> interface mixin HTMLOrForeignElement {
</span><span class="cx">     [SameObject] readonly attribute DOMStringMap dataset;
</span><del>-    // FIXME: Implement 'nonce'.
-    // attribute DOMString nonce; // intentionally no [CEReactions]
</del><ins>+    attribute DOMString nonce; // intentionally no [CEReactions]
</ins><span class="cx"> 
</span><span class="cx">     [CEReactions=NotNeeded, Reflect] attribute boolean autofocus;
</span><span class="cx">     [CEReactions, ImplementedAs=tabIndexForBindings] attribute long tabIndex;
</span></span></pre></div>
<a id="trunkSourceWebCorehtmlHTMLScriptElementidl"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/html/HTMLScriptElement.idl (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/html/HTMLScriptElement.idl  2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/html/HTMLScriptElement.idl     2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -30,7 +30,6 @@
</span><span class="cx">     [CEReactions=NotNeeded, Reflect, URL] attribute USVString src;
</span><span class="cx">     [CEReactions=NotNeeded, Reflect] attribute DOMString type;
</span><span class="cx">     [CEReactions=NotNeeded] attribute DOMString? crossOrigin;
</span><del>-    [Reflect] attribute DOMString nonce;
</del><span class="cx">     [CEReactions=NotNeeded, Reflect] attribute boolean noModule;
</span><span class="cx">     [CEReactions=NotNeeded, Reflect, EnabledBySetting=SubresourceIntegrityEnabled] attribute DOMString integrity;
</span><span class="cx">     [EnabledBySetting=ReferrerPolicyAttributeEnabled, ImplementedAs=referrerPolicyForBindings, CEReactions=NotNeeded] attribute DOMString referrerPolicy;
</span></span></pre></div>
<a id="trunkSourceWebCorepagecspContentSecurityPolicycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp  2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp     2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -195,7 +195,8 @@
</span><span class="cx">     if (policyFrom == PolicyFrom::API) {
</span><span class="cx">         ASSERT(m_policies.isEmpty());
</span><span class="cx">         m_hasAPIPolicy = true;
</span><del>-    }
</del><ins>+    } else if (policyFrom == PolicyFrom::HTTPHeader)
+        m_isHeaderDelivered = true;
</ins><span class="cx"> 
</span><span class="cx">     m_cachedResponseHeaders = std::nullopt;
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceWebCorepagecspContentSecurityPolicyh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h    2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h       2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -185,6 +185,8 @@
</span><span class="cx"> 
</span><span class="cx">     SandboxFlags sandboxFlags() const { return m_sandboxFlags; }
</span><span class="cx"> 
</span><ins>+    bool isHeaderDelivered() const { return m_isHeaderDelivered; }
+
</ins><span class="cx"> private:
</span><span class="cx">     void logToConsole(const String& message, const String& contextURL = String(), const OrdinalNumber& contextLine = OrdinalNumber::beforeFirst(), const OrdinalNumber& contextColumn = OrdinalNumber::beforeFirst(), JSC::JSGlobalObject* = nullptr) const;
</span><span class="cx">     void applyPolicyToScriptExecutionContext();
</span><span class="lines">@@ -247,6 +249,7 @@
</span><span class="cx">     OptionSet<ContentSecurityPolicyHashAlgorithm> m_hashAlgorithmsForInlineStylesheets;
</span><span class="cx">     HashSet<SecurityOriginData> m_insecureNavigationRequestsToUpgrade;
</span><span class="cx">     mutable std::optional<ContentSecurityPolicyResponseHeaders> m_cachedResponseHeaders;
</span><ins>+    bool m_isHeaderDelivered { false };
</ins><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceWebCoresvgSVGElementcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/svg/SVGElement.cpp (285477 => 285478)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/svg/SVGElement.cpp  2021-11-09 02:11:14 UTC (rev 285477)
+++ trunk/Source/WebCore/svg/SVGElement.cpp     2021-11-09 02:26:15 UTC (rev 285478)
</span><span class="lines">@@ -894,6 +894,8 @@
</span><span class="cx">             return InsertedIntoAncestorResult::NeedsPostInsertionCallback;
</span><span class="cx">     }
</span><span class="cx"> 
</span><ins>+    hideNonce();
+
</ins><span class="cx">     return InsertedIntoAncestorResult::Done;
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre>
</div>
</div>

</body>
</html>