third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp - Issue 2628733005: Experiment with hiding <script>'s 'nonce' content attribute. - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(37)

My Issues | Starred Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

Issue 2628733005: Experiment with hiding <script>'s 'nonce' content attribute. (Closed)

Patch Set: Ugh. Created 3 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« third_party/WebKit/LayoutTests/W3CImportExpectations ('K') | « third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h ('k') | third_party/WebKit/Source/core/html/HTMLScriptElement.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

index 94b4a054dde9c8527e4c2f3cafc3af6e67a523d6..9a34b96429802d02aec81b9564431ab81df29905 100644

--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

@@ -44,6 +44,7 @@

#include "core/frame/csp/CSPSource.h"

#include "core/frame/csp/MediaListDirective.h"

#include "core/frame/csp/SourceListDirective.h"

+#include "core/html/HTMLScriptElement.h"

#include "core/inspector/ConsoleMessage.h"

#include "core/inspector/InspectorInstrumentation.h"

#include "core/loader/DocumentLoader.h"

@@ -75,8 +76,13 @@

namespace blink {

bool ContentSecurityPolicy::isNonceableElement(const Element* element) {

- if (!element->fastHasAttribute(HTMLNames::nonceAttr))

+ if (RuntimeEnabledFeatures::hideNonceContentAttributeEnabled() &&

+ isHTMLScriptElement(element)) {

+ if (toHTMLScriptElement(element)->nonce().isNull())

+ return false;

+ } else if (!element->fastHasAttribute(HTMLNames::nonceAttr)) {

return false;

+ }

bool nonceable = true;

« third_party/WebKit/LayoutTests/W3CImportExpectations ('K') | « third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h ('k') | third_party/WebKit/Source/core/html/HTMLScriptElement.h » ('j') | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698