| Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/script-nonces-hidden.php
|
| diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/script-nonces-hidden.php b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/script-nonces-hidden.php
|
| index b2a5f04e7dba69038145e9dc6a1c5814e75af9d0..d1215d6e437bd4f96c52d99459aec0bdc3c8301c 100644
|
| --- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/script-nonces-hidden.php
|
| +++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/script-nonces-hidden.php
|
| @@ -11,31 +11,64 @@
|
| assert_equals(document.querySelector('[nonce=abc]'), null);
|
| assert_equals(document.currentScript.getAttribute('nonce'), '[Replaced]');
|
| assert_equals(document.currentScript.nonce, 'abc');
|
| - }, "Reading 'nonce' content attribute and IDL attribute.");
|
| + }, "HTML: Reading 'nonce' content attribute and IDL attribute.");
|
|
|
| test(t => {
|
| document.currentScript.setAttribute('nonce', 'xyz');
|
| assert_equals(document.currentScript.getAttribute('nonce'), '[Replaced]');
|
| assert_equals(document.currentScript.nonce, 'xyz');
|
| - }, "Writing 'nonce' content attribute.");
|
| + }, "HTML: Writing 'nonce' content attribute.");
|
|
|
| test(t => {
|
| assert_equals(document.currentScript.nonce, 'xyz');
|
| document.currentScript.nonce = 'foo';
|
| assert_equals(document.currentScript.nonce, 'foo');
|
| - }, "Writing 'nonce' DOM attribute.");
|
| + assert_equals(document.currentScript.getAttribute('nonce'), '[Replaced]');
|
| + }, "HTML: Writing 'nonce' DOM attribute.");
|
|
|
| async_test(t => {
|
| var script = document.currentScript;
|
| assert_equals(script.nonce, 'foo');
|
|
|
| - setTimeout(_ => {
|
| - assert_equals(script.nonce, "");
|
| - t.done();
|
| - }, 1);
|
| - }, "'nonce' DOM attribute cleared after current task.");
|
| + setTimeout(t.step_func_done(_ => {
|
| + assert_equals(script.nonce, "foo");
|
| + }), 1);
|
| + }, "HTML: 'nonce' DOM attribute present after current task.");
|
| </script>
|
|
|
| +<!-- SVGScriptElement -->
|
| +<svg xmlns="http://www.w3.org/2000/svg">
|
| + <script nonce="abc">
|
| + test(t => {
|
| + assert_equals(document.querySelector('[nonce=abc]'), null);
|
| + assert_equals(document.currentScript.getAttribute('nonce'), '[Replaced]');
|
| + assert_equals(document.currentScript.nonce, 'abc');
|
| + }, "SVG: Reading 'nonce' content attribute and IDL attribute.");
|
| +
|
| + test(t => {
|
| + document.currentScript.setAttribute('nonce', 'xyz');
|
| + assert_equals(document.currentScript.getAttribute('nonce'), '[Replaced]');
|
| + assert_equals(document.currentScript.nonce, 'xyz');
|
| + }, "SVG: Writing 'nonce' content attribute.");
|
| +
|
| + test(t => {
|
| + assert_equals(document.currentScript.nonce, 'xyz');
|
| + document.currentScript.nonce = 'foo';
|
| + assert_equals(document.currentScript.nonce, 'foo');
|
| + assert_equals(document.currentScript.getAttribute('nonce'), '[Replaced]');
|
| + }, "SVG: Writing 'nonce' DOM attribute.");
|
| +
|
| + async_test(t => {
|
| + var script = document.currentScript;
|
| + assert_equals(script.nonce, 'foo');
|
| +
|
| + setTimeout(t.step_func_done(_ => {
|
| + assert_equals(script.nonce, "foo");
|
| + }), 1);
|
| + }, "SVG: 'nonce' DOM attribute present after current task.");
|
| + </script>
|
| +</svg>
|
| +
|
| <!-- CSS Leakage -->
|
| <style>
|
| #test { display: block; }
|
|
|
Chromium Code Reviews
Issue 2644143005:
Adjust the <script nonce>-hiding experiment (Closed)
