Conversation
Member
Author
|
I'll add at least one test to ensure this nonce attribute also works generically and then I think I've done more than my share on this feature... |
Member
Author
|
Filed https://bugs.chromium.org/p/chromium/issues/detail?id=1053496 on the Chrome failures. |
3 tasks
mikewest
approved these changes
Feb 19, 2020
Member
mikewest
left a comment
There was a problem hiding this comment.
These LGTM. Thank you for putting them together, and for filing the bug against Chromium. I really appreciate your effort.
Member
Author
|
@mikewest I'm going to assume these final changes are okay per your comments elsewhere, but happy to take more feedback. (Including after landing these.) |
annevk
added a commit
to whatwg/html
that referenced
this pull request
Feb 20, 2020
Also clarify some prose around the nonce content attribute, including that it does in fact update the slot upon removal. Tests: web-platform-tests/wpt#21853. Fixes #5288.
Member
|
FYI: I updated Chrome to match with the new expectations. |
Member
Author
|
Thanks @ArthurSonzogni! |
blueboxd
pushed a commit
to blueboxd/chromium-legacy
that referenced
this pull request
Mar 4, 2020
According to CSP, nonce are handled the same way for both HTMLElement and SVGElement. Both are setting the nonce when the Element is inserted, but only the HTMLElement was supporting "modifying" a nonce. It looks like a bug in Chrome found by annevk@: web-platform-tests/wpt#21853 This patch fixes the issue. It was meant to fix the WPT test: - content-security-policy/nonce-hiding/nonces.html But it turns out it is also fixing two more tests - content-security-policy/nonce-hiding/svgscript-nonces-hidden.html - content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta-sub.html Bug: 1053496 Change-Id: I872cae74817bff2f5f910dcd7864fc97426c49cf Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2075340 Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Cr-Commit-Position: refs/heads/master@{#746774}
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
For whatwg/html#5300.
Supersedes #5423.