From c70f383897c785c804fa7e7df2bbc1d004a3b973 Mon Sep 17 00:00:00 2001
From: arthursonzogni
Date: Wed, 4 Mar 2020 14:52:43 +0000
Subject: [PATCH] [CSP] Make SVGElement to handle "nonce" the same way as HTMLElement. According to CSP, nonce are handled the same way for both HTMLElement and SVGElement. Both are setting the nonce when the Element is inserted, but only the HTMLElement was supporting "modifying" a nonce. It looks like a bug in Chrome found by annevk@: https://github.com/web-platform-tests/wpt/pull/21853 This patch fixes the issue. It was meant to fix the WPT test: - content-security-policy/nonce-hiding/nonces.html But it turns out it is also fixing two more tests - content-security-policy/nonce-hiding/svgscript-nonces-hidden.html - content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta-sub.html
Bug: 1053496
Change-Id: I872cae74817bff2f5f910dcd7864fc97426c49cf
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2075340
Reviewed-by: Mike West
Commit-Queue: Arthur Sonzogni
Cr-Commit-Position: refs/heads/master@{#746774}
---
 .../blink/renderer/core/svg/svg_element.cc | 6 ++++++
 .../nonce-hiding/nonces-expected.txt | 15 ---------------
 .../svgscript-nonces-hidden-expected.txt | 12 ------------
 .../svgscript-nonces-hidden-meta.sub-expected.txt | 12 ------------
 4 files changed, 6 insertions(+), 39 deletions(-)
 delete mode 100644 third_party/blink/web_tests/external/wpt/content-security-policy/nonce-hiding/nonces-expected.txt
 delete mode 100644 third_party/blink/web_tests/external/wpt/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt
 delete mode 100644 third_party/blink/web_tests/external/wpt/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt
diff --git a/third_party/blink/renderer/core/svg/svg_element.cc b/third_party/blink/renderer/core/svg/svg_element.cc
index be5a681b320483..c2b425ce3888a5 100644
--- a/third_party/blink/renderer/core/svg/svg_element.cc
+++ b/third_party/blink/renderer/core/svg/svg_element.cc
@@ -620,6 +620,12 @@ void SVGElement::ParseAttribute(const AttributeModificationParams& params) {
 return;
 }
+ // SVGElement and HTMLElement are handling "nonce" the same way.
+ if (params.name == html_names::kNonceAttr) {
+ if (params.new_value != g_empty_atom)
+ setNonce(params.new_value);
+ }
+
 const AtomicString& event_name = HTMLElement::EventNameForAttributeName(params.name);
 if (!event_name.IsNull()) {
diff --git a/third_party/blink/web_tests/external/wpt/content-security-policy/nonce-hiding/nonces-expected.txt b/third_party/blink/web_tests/external/wpt/content-security-policy/nonce-hiding/nonces-expected.txt
deleted file mode 100644
index b9c30eda22e833..00000000000000
--- a/third_party/blink/web_tests/external/wpt/content-security-policy/nonce-hiding/nonces-expected.txt
+++ /dev/null
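Review bot: The new nonce branch in SVGElement::ParseAttribute skips the empty string without saying why, and that guard is the security-relevant part: it presumably exists so that blanking the content attribute for nonce hiding does not also wipe the nonce CSP checks against, which the comment should state, e.g. `// An empty value is ignored: nonce hiding blanks the content attribute and must not clear the stored nonce.` The guard compares only against `g_empty_atom`, so whether a removed attribute (a null `new_value`) still reaches `setNonce()` is not visible in this hunk and is worth confirming against the HTMLElement path and the attribute-removal cases in nonces.html. The two nested `if`s can be a single condition, `if (params.name == html_names::kNonceAttr && params.new_value != g_empty_atom)`, and because this mirrors HTMLElement by copy rather than by a shared helper, the two namespaces can drift apart again. The function body starts and ends outside the hunk.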
@@ -1,15 +0,0 @@
-This is a testharness.js-based test.
-PASS Basic nonce tests for meh in HTML namespace
-PASS Ensure that removal of content attribute does not affect IDL attribute for meh in HTML namespace
-PASS Basic nonce tests for div in HTML namespace
-PASS Ensure that removal of content attribute does not affect IDL attribute for div in HTML namespace
-PASS Basic nonce tests for script in HTML namespace
-PASS Ensure that removal of content attribute does not affect IDL attribute for script in HTML namespace
-FAIL Basic nonce tests for meh in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected "x" but got ""
-FAIL Ensure that removal of content attribute does not affect IDL attribute for meh in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected "x" but got ""
-FAIL Basic nonce tests for svg in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected "x" but got ""
-FAIL Ensure that removal of content attribute does not affect IDL attribute for svg in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected "x" but got ""
-FAIL Basic nonce tests for script in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected "x" but got ""
-FAIL Ensure that removal of content attribute does not affect IDL attribute for script in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected "x" but got ""
-Harness: the test ran to completion.
-
diff --git a/third_party/blink/web_tests/external/wpt/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt b/third_party/blink/web_tests/external/wpt/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt
deleted file mode 100644
index 05dc3875a3edb5..00000000000000
--- a/third_party/blink/web_tests/external/wpt/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-This is a testharness.js-based test.
-PASS Reading 'nonce' content attribute and IDL attribute.
-PASS Cloned node retains nonce.
-PASS Cloned node retains nonce when inserted.
-FAIL Writing 'nonce' content attribute. assert_equals: expected "foo" but got "abc"
-PASS Writing 'nonce' IDL attribute.
-PASS Document-written script executes.
-PASS Document-written script's nonce value.
-PASS createElement.nonce.
-PASS createElement.setAttribute.
-Harness: the test ran to completion.
-
diff --git a/third_party/blink/web_tests/external/wpt/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt b/third_party/blink/web_tests/external/wpt/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt
deleted file mode 100644
index 05dc3875a3edb5..00000000000000
--- a/third_party/blink/web_tests/external/wpt/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-This is a testharness.js-based test.
-PASS Reading 'nonce' content attribute and IDL attribute.
-PASS Cloned node retains nonce.
-PASS Cloned node retains nonce when inserted.
-FAIL Writing 'nonce' content attribute. assert_equals: expected "foo" but got "abc"
-PASS Writing 'nonce' IDL attribute.
-PASS Document-written script executes.
-PASS Document-written script's nonce value.
-PASS createElement.nonce.
-PASS createElement.setAttribute.
-Harness: the test ran to completion.
-