DescriptionAdjust the <script nonce>-hiding experiment
After a bit more conversation, this patch follows up on the initial stab
at attribute changes in https://codereview.chromium.org/2628733005 in two
ways:
1. It fixes some bits and pieces of SVGScriptElement handling that were
simply broken in the initial patch (e.g. the 'nonce' attribute wasn't
actually exposed via IDL), and adds SVG-based tests.
2. We no longer clear the nonce value after execution; we're already
preventing re-execution of a script block with a check in
'ScriptLoader::prepareScript' so there's little added value in
removing the nonce, but it incurs some non-trivial cost by making
manual nonce propagation difficult.
BUG=680419
R=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2644143005
Cr-Commit-Position: refs/heads/master@{#445049}
Committed: https://chromium.googlesource.com/chromium/src/+/a7a3f277b70327d2fd2f383acba1b1c2c78f018c
Patch Set 1 #Patch Set 2 : webexposed #Messages
Total messages: 13 (8 generated)
|