From e1fe3e9025b31978d4b4b1753b15303734c3844b Mon Sep 17 00:00:00 2001
From: Mike West A nonce content attribute represents a cryptographic nonce ("number
+ used once") which can be used by Content Security Policy to determine whether or not
+ a given fetch will be allowed to proceed. The value is text. Elements that have a nonce content attribute ensure that the crytographic nonce is
+ only exposed to script (and not to side-channels like CSS attribute selectors) by extracting the
+ value from the content attribute, moving it into an internal slot name [[CryptographicNonce]], and
+ exposing it to script via the Returns the value of the element's Can be set, to update that slot's value. The When such an element that implements If element has a nonce content attribute attr whose value
+ is not the empty string, then: The cloning steps for elements that implement
+ Nonce attributes
+
+ NoncedHTMLElement
interface defined below:[NoInterfaceObject]
+interface NoncedHTMLElement {
+ [CEReactions] attribute DOMString nonce;
+};
+
+
+
+
+ nonce
[[CryptographicNonce]]
internal slot.nonce
IDL attribute must, on
+ getting, return the value of the element's [[CryptographicNonce]]
; and on setting,
+ set the element's [[CryptographicNonce]]
to the specified new value.NoncedHTMLElement
becomes
+ connected, the user agent must immediately execute the following steps on the
+ element:
+
+
+
+
+
+
+ [[CryptographicNonce]]
to nonce.NoncedHTMLElement
must set the [[CryptographicNonce]]
slot on the copy
+ to the value of the slot on the element being cloned.Common DOM interfaces
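Review bot: spelling in the added description at the top of this hunk: "crytographic nonce" should read "cryptographic nonce", and "an internal slot name [[CryptographicNonce]]" should read "an internal slot named [[CryptographicNonce]]". The later rename commit corrects "name" to "named" but carries the "crytographic" misspelling forward, so fix both here at the source.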
@@ -12839,7 +12889,6 @@ interface HTMLLinkElement : HTMLElement {
[CEReactions] attribute RequestDestination as; // (default "")
[SameObject, PutForwards=value] readonly attribute DOMTokenList relList;
[CEReactions] attribute DOMString media;
- [CEReactions] attribute DOMString nonce;
[CEReactions] attribute DOMString integrity;
[CEReactions] attribute DOMString hreflang;
[CEReactions] attribute DOMString type;
@@ -12849,7 +12898,9 @@ interface HTMLLinkElement : HTMLElement {
[CEReactions] attribute WorkerType workerType;
[CEReactions] attribute boolean useCache;
};
-HTMLLinkElement implements LinkStyle;
+HTMLLinkElement implements LinkStyle;
+HTMLLinkElement implements NoncedHTMLElement;
+
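Review bot: the extra empty `+` line after `HTMLLinkElement implements NoncedHTMLElement;` is a stray whitespace addition; drop it. The mixin itself is the right shape: with `nonce` removed from HTMLLinkElement's own IDL in the hunk at 12839, the only declaration of the attribute is the one on NoncedHTMLElement, so no duplicate member is introduced.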
@@ -12865,6 +12916,10 @@ interface HTMLLinkElement : HTMLElement {
CORS settings attribute. It is intended for use with external resource links.
The nonce
attribute is a nonce content
+ attribute. It is intended for use with external
+ resource links.
The types of link indicated (the relationships) are given by the value of the The The The Set request's cryptographic
- nonce metadata to the current value of the rel
attribute, which, if present, must have a value that is a
set of space-separated tokens. The allowed keywords and their
@@ -12956,11 +13011,6 @@ interface HTMLLinkElement : HTMLElement {
media
attribute says which media the
resource applies to. The value must be a valid media query list.nonce
attribute represents a cryptographic
- nonce ("number used once") which can be used by Content Security Policy to determine
- whether or not an external resource specified by the
- link will be loaded and applied to the document. The value is text. integrity
attribute represents the integrity metadata for requests which this
@@ -13078,7 +13128,6 @@ interface HTMLLinkElement : HTMLElement {
hreflang
,
integrity
,
media
,
- nonce
,
rel
,
scope
,
sizes
, and
@@ -13220,8 +13269,8 @@ interface HTMLLinkElement : HTMLElement {
environment settings object.
link
element's nonce
content attribute.link
element's
+ [[CryptographicNonce]]
internal slot.
Set request's integrity
metadata to the current value of the link
element's [HTMLConstructor]
interface HTMLStyleElement : HTMLElement {
[CEReactions] attribute DOMString media;
- [CEReactions] attribute DOMString nonce;
[CEReactions] attribute DOMString type;
};
-HTMLStyleElement implements LinkStyle;
+HTMLStyleElement implements LinkStyle;
+HTMLStyleElement implements NoncedHTMLElement;
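Review bot: ordering question for the link fetch. "Set request's cryptographic nonce metadata" now reads the element's [[CryptographicNonce]] internal slot instead of the nonce content attribute, but that slot is only filled by the steps that run when the element becomes connected. The text should state that the link's resource fetch runs after those steps; the later commit adds exactly that wording ("must be executed after processing its nonce attribute") for style and script, and link deserves the same line. The HTMLStyleElement IDL change in this region mirrors the link change and looks correct.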
@@ -14605,10 +14654,8 @@ interface HTMLStyleElement : HTMLElement {
attribute is omitted, is "
all
", meaning that by default styles apply to all
media.
The nonce
attribute represents a
- cryptographic nonce ("number used once") which can be used by Content Security Policy
- to determine whether or not the style specified by an element will be applied to the document. The
- value is text.
The nonce
attribute is a nonce content
+ attribute.
The The The The The IDL attributes The If the Otherwise, let cryptographic nonce be the empty string. Let cryptographic nonce be the element's A nonce content attribute represents a cryptographic nonce ("number
- used once") which can be used by Content Security Policy to determine whether or not
- a given fetch will be allowed to proceed. The value is text. A nonce content attribute represents a
+ cryptographic nonce ("number used once") which can be used by Content Security Policy
+ to determine whether or not a given fetch will be allowed to proceed. The value is text. Elements that have a nonce content attribute ensure that the crytographic nonce is
- only exposed to script (and not to side-channels like CSS attribute selectors) by extracting the
- value from the content attribute, moving it into an internal slot name [[CryptographicNonce]], and
- exposing it to script via the Elements that have a The The When such an element that implements When such an element that implements If element has a nonce content attribute attr whose value
- is not the empty string, then: Let CSP list be element's shadow-including root's CSP list. If CSP list contains a header-delivered Content Security Policy, and
+ element has a
+ As each The cloning steps for elements that implement
- The The The The types of link indicated (the relationships) are given by the value of the The The The The The A A When such an element that implements The element is not on the stack of open elements of an HTML parser
+ or XML parser, and it becomes connected or disconnected. If the element becomes browsing-context connected as a result of becoming connected, the update a The If the element becomes browsing-context connected as a result of becoming connected, the prepare a script
+ algorithm must be executed after processing its
+ When upgraded, its constructor is run. When it becomes connected, its When it becomes connected, its If the element becomes browsing-context connected as a result of becoming connected, its When it becomes disconnected, its When such an element that implements Whenever a Whenever a Set an attribute value for
+ element using " Let policy be the result of executing Content Security Policy's parse
a serialized Content Security Policy algorithm on the Remove all occurrences of the The element is not on the stack of open elements of an HTML parser
- or XML parser, and it becomes connected or disconnected. If the element becomes browsing-context connected as a result of becoming connected, the update a The If the element becomes browsing-context connected as a result of becoming connected, the prepare a script
- algorithm must be executed after processing its
- When upgraded, its constructor is run. When it becomes connected, its If the element becomes browsing-context connected as a result of becoming connected, its When it becomes connected, its When it becomes disconnected, its Returns the value of the element's Returns the value of the element's [[CryptographicNonce]] internal slot. Can be set, to update that slot's value. The Whenever a Whenever a Let CSP list be element's shadow-including root's CSP list. Let CSP list be element's shadow-including root's CSP
+ list. If CSP list contains a header-delivered Content Security Policy, and
element has a
- As each As each The cloning steps for elements that implement
- Set request's cryptographic
nonce metadata to the current value of the Set request's integrity
metadata to the current value of the The Let cryptographic nonce be the element's Let cryptographic nonce be the element's [[CryptographicNonce]]
internal slot's value. Whenever a Whenever a title
attribute on
style
elements defines CSS style sheet
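Review bot: the becomes-connected steps clear the nonce content attribute ("Set an attribute value for element using "nonce" and the empty string") only when the element's shadow-including root's CSP list contains a header-delivered Content Security Policy. Nothing in the hunk explains why a policy delivered via meta does not also trigger the clearing, and since this clearing is the whole defence against the CSS attribute-selector side channel named in the introduction, the rationale belongs in a note beside the step rather than only in the commit message.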
@@ -14783,8 +14830,7 @@ c-end = "-->"
media
, nonce
, and The
media
, and type
IDL attributes must reflect the respective
content attributes of the same name.nonce
attribute represents a cryptographic nonce ("number
- used once") which can be used by Content Security Policy to determine whether or not
- the script specified by an element will be executed. The value is text. integrity
attribute represents the HTMLScriptElement : HTMLElement {
src
, type
, charset
, defer
, integrity
, and nonce
, must each reflect the respective
- content attributes of the same name.integrity
, must each reflect the
+ respective content attributes of the same name.crossOrigin
IDL attribute must
reflect the crossorigin
content attribute.script
element has a nonce
- attribute, then let cryptographic nonce be that attribute's value.[[CryptographicNonce]]
+ internal slot's value.
@@ -6868,18 +6870,20 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
frame-ancestors
directivesandbox
directiveNonce attributes
- NoncedHTMLElement
interface defined below:nonce
content attribute ensure that the
+ crytographic nonce is only exposed to script (and not to side-channels like CSS attribute
+ selectors) by extracting the value from the content attribute, moving it into an internal slot
+ named [[CryptographicNonce]], and exposing it to script via the
+ NoncedElement
interface defined below:[NoInterfaceObject]
-interface NoncedHTMLElement {
+interface NoncedElement {
[CEReactions] attribute DOMString nonce;
};
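Review bot: the re-flowed description in this hunk still carries the "crytographic nonce" misspelling from the first commit; since the line is being rewritten for the NoncedHTMLElement to NoncedElement rename anyway, correct it to "cryptographic" here. The rename is consistent with the later `HTMLElement implements NoncedElement;` hunk: once the mixin applies to every HTMLElement, the "HTML" in the name no longer distinguishes anything.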
@@ -6891,18 +6895,24 @@ interface NoncedHTMLElement {
- nonce
IDL attribute must, on
+ nonce
IDL attribute must, on
getting, return the value of the element's [[CryptographicNonce]]
; and on setting,
set the element's [[CryptographicNonce]]
to the specified new value.NoncedHTMLElement
becomes
+ NoncedElement
becomes browsing-context
connected, the user agent must immediately execute the following steps on the
- element:
+ element:
+ nonce
content attribute
+ attr whose value is not the empty string, then:
Document
's CSP list is
+ append-only, user agents can optimize away the contains a header-delivered Content Security
+ Policy check by, for example, holding a flag on the Document
, set during
+ Document
+ initialization.
+ NoncedHTMLElement
must set the [[CryptographicNonce]]
slot on the copy
+ NoncedElement
must set the [[CryptographicNonce]]
slot on the copy
to the value of the slot on the element being cloned.Document
.Document
has a CSP list, which is a list of Content Security Policy
- objects active in this context. The list is empty unless otherwise specified.Document
has a module map, which is a module map,
@@ -9923,6 +9942,7 @@ interface HTMLElement : Element {
HTMLElement implements GlobalEventHandlers;
HTMLElement implements DocumentAndElementEventHandlers;
HTMLElement implements ElementContentEditable;
+HTMLElement implements NoncedElement;
// Note: intentionally not [HTMLConstructor]
interface HTMLUnknownElement : HTMLElement { };
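Review bot: `HTMLElement implements NoncedElement;` makes nonce a global attribute, so the [[CryptographicNonce]] slot and the becomes-browsing-context-connected processing now apply to every HTML element, custom elements included. The commit message should call this out, and the interaction with custom element reactions needs the ordering line the third commit adds for connectedCallback ("must be executed after processing its nonce attribute") so that a connectedCallback cannot observe the nonce content attribute before it is cleared.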
@@ -11128,6 +11148,7 @@ https://software.hixie.ch/utilities/js/live-dom-viewer/?%3C%21DOCTYPE%20HTML%3E%
itemscope
itemtype
lang
nonce
spellcheck
style
tabindex
crossorigin
rel
media
nonce
integrity
hreflang
type
nonce
attribute is a nonce content
- attribute. It is intended for use with external
- resource links.rel
attribute, which, if present, must have a value that is a
set of space-separated tokens. The allowed keywords and their
@@ -14692,7 +14707,6 @@ people expect to have work and what is necessary.
media
nonce
type
title
attribute has special semantics on this element.all
", meaning that by default styles apply to all
media.nonce
attribute is a nonce content
- attribute.title
attribute on
style
elements defines CSS style sheet
sets. If the style
element has no title
@@ -57640,7 +57650,6 @@ interface HTMLDialogElement : HTMLElement {
async
defer
crossorigin
nonce
integrity
charset
, async
, nomodule
,
defer
, crossorigin
, nonce
- and integrity
attributes must not be specified.
+ data-x="attr-script-crossorigin">crossorigin, and
+ integrity
attributes must not be specified.
nomodule
attribute is a boolean
attribute that prevents a script from being executed in user agents that support
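Review bot: dropping `nonce` from the list of attributes that "must not be specified" for data-block scripts follows from the attribute becoming global: a global attribute cannot be forbidden on one element type, and the parallel edit to the "attributes dynamically has no direct effect" list below is consistent with it. A one-line mention in the commit message that both lists changed for this reason would save reviewers from re-deriving it.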
@@ -57803,10 +57811,6 @@ interface HTMLScriptElement : HTMLElement {
data-x="module script">module scripts require the use of the CORS protocol for cross-origin fetching.nonce
attribute is a nonce content
- attribute.integrity
attribute represents the integrity metadata for requests which this
@@ -57820,10 +57824,10 @@ interface HTMLScriptElement : HTMLElement {
data-x="attr-script-type">type, charset
, nomodule
, async
, defer
, crossorigin
, nonce
- and integrity
attributes dynamically has no direct
- effect; these attributes are only used at specific times described below.integrity
attributes dynamically has no direct effect; these
+ attributes are only used at specific times described below.
WorkerGlobalScope
object has an associated CSP list. It is
- initially an empty list.
+ data-dfn-for="WorkerGlobalScope" data-x="concept-WorkerGlobalScope-csp-list">CSP list, which
+ is a CSP list containing all of the Content Security
+ Policy objects active for the worker. It is initially an empty list.WorkerGlobalScope
object has an associated module map.
@@ -115770,7 +115775,6 @@ interface External {
type
;
sizes
;
referrerpolicy
;
- nonce
;
integrity
@@ -116164,7 +116168,6 @@ interface External {
HTMLLinkElement
async
;
defer
;
crossorigin
;
- nonce
;
integrity
@@ -116283,7 +116286,6 @@ interface External {
HTMLScriptElement
varies*
globals;
media
;
- nonce
;
type
@@ -117611,9 +117613,7 @@ interface External {
HTMLStyleElement
Boolean attribute
nonce
- link
;
- script
;
- style
+ HTML elements
Cryptographic nonce used in Content Security Policy checks
Text
From ba33b18a0c87a9733e1673fca31249092c3c2197 Mon Sep 17 00:00:00 2001
From: Mike West NoncedElement
interface defined below:
+ NoncedElement
interface defined below. Unless otherwise specified, the slot's value
+ is the empty string.
[NoInterfaceObject]
interface NoncedElement {
- [CEReactions] attribute DOMString nonce;
+ attribute DOMString nonce;
};
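Review bot: removing `[CEReactions]` from `attribute DOMString nonce` is correct given the setter semantics defined earlier: setting the IDL attribute only updates the [[CryptographicNonce]] internal slot and never touches a content attribute, so there are no custom element reactions to queue. The added sentence "Unless otherwise specified, the slot's value is the empty string" closes a gap in the first commit, which never gave the slot a default; it follows that the getter returns the empty string for an element with no nonce, which is worth stating next to the getter.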
From 0eccfe5fbe40acff06b322f2ccc2e82be9a3bb8c Mon Sep 17 00:00:00 2001
From: Mike West
@@ -14502,7 +14503,8 @@ people expect to have work and what is necessary.
[[CryptographicNonce]]
to the specified new value.
NoncedElement
becomes browsing-context
- connected, the user agent must immediately execute the following steps on the
+ connected, the user agent must immediately process the nonce
attribute by executing the following steps on the
element:
@@ -14808,9 +14809,16 @@ c-end = "-->"
style
block algorithm must be executed after processing its nonce
attribute.
-
script
element becomes connected.script
element becomes connected.nonce
attribute.script
element is connected and a node or document fragment is
inserted into the script
element, after any
@@ -67115,8 +67130,15 @@ customElements.define("x-foo", class extends HTMLElement {
connectedCallback
is
- run.connectedCallback
is
+ run.connectedCallback
must be executed after processing its nonce
attribute.disconnectedCallback
is run.[[CryptographicNonce]]
; and on setting,
set the element's [[CryptographicNonce]]
to the specified new value.
- NoncedElement
becomes browsing-context
- connected, the user agent must immediately process the nonce
attribute by executing the following steps on the
- element:NoncedElement
's nonce
attribute is
+ set or changed, set the element's [[CryptographicNonce]]
to the specified new
+ value.NoncedElement
becomes browsing-context connected, the
+ user agent must executing the following steps on the element:
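Review bot: grammar in the added line: "the user agent must executing the following steps on the element" should be "must execute the following steps on the element". The new rule "When a NoncedElement's nonce attribute is set or changed, set the element's [[CryptographicNonce]] to the specified new value" interacts with the becomes-connected steps, which set the content attribute to the empty string: those steps must save the slot value before that attribute change and restore it afterwards (the existing "[[CryptographicNonce]] to nonce" final step), otherwise this new rule resets the slot to the empty string on every element the policy is meant to protect.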
@@ -12998,8 +13000,7 @@ interface HTMLLinkElement : HTMLElement {
[CEReactions] attribute WorkerType workerType;
[CEReactions] attribute boolean useCache;
};
-HTMLLinkElement implements LinkStyle;
-
+HTMLLinkElement implements LinkStyle;
-
[[CryptographicNonce]]
to nonce.nonce
" and the empty
+ string.meta
element's
- content
attribute's value.content
attribute's value, with a source of "meta",
+ and a disposition of "enforce".
report-uri
,
style
block algorithm must be executed after processing its nonce
attribute.
-
script
element becomes connected.nonce
attribute.script
element becomes connected.script
element is connected and a node or document fragment is
inserted into the script
element, after any
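Review bot: passing a source of "meta" and a disposition of "enforce" into Content Security Policy's parse a serialized Content Security Policy algorithm is what lets the nonce-hiding step distinguish header-delivered policies from meta-delivered ones; a short cross-reference from the "contains a header-delivered Content Security Policy" check to this source value would make that dependency explicit. The removed blank line before "script element becomes connected" is whitespace only.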
@@ -67130,15 +67118,8 @@ customElements.define("x-foo", class extends HTMLElement {
connectedCallback
is
- run.connectedCallback
must be executed after processing its nonce
attribute.connectedCallback
is
+ run.disconnectedCallback
is run.
nonce
nonce
[[CryptographicNonce]]
internal slot.nonce
IDL attribute must, on
- getting, return the value of the element's [[CryptographicNonce]]
; and on setting,
- set the element's [[CryptographicNonce]]
to the specified new value.NoncedElement
's nonce
attribute is
- set or changed, set the element's [[CryptographicNonce]]
to the specified new
+ set or changed, set the element's [[CryptographicNonce]] to the specified new
value.NoncedElement
becomes browsing-context connected, the
user agent must executing the following steps on the element:
-
- nonce
content attribute
@@ -7060,16 +7059,14 @@ interface NoncedElement {
Document
's CSP list is
- append-only, user agents can optimize away the contains a header-delivered Content Security
- Policy check by, for example, holding a flag on the Document
, set during
- Document
- initialization.
- Document
's CSP
+ list is append-only, user agents can optimize away the contains a header-delivered
+ Content Security Policy check by, for example, holding a flag on the Document
,
+ set during Document
+ initialization.NoncedElement
must set the [[CryptographicNonce]]
slot on the copy
+ NoncedElement
must set the [[CryptographicNonce]] slot on the copy
to the value of the slot on the element being cloned.link
element's
- [[CryptographicNonce]]
internal slot.link
element's HTMLScriptElement : HTMLElement {
defined for the format used. The
src
, async
, nomodule
,
defer
, crossorigin
, and
- integrity
attributes must not be specified.integrity
attributes must not be specified.
nomodule
attribute is a boolean
attribute that prevents a script from being executed in user agents that support
@@ -57902,7 +57899,7 @@ o............A....e
[[CryptographicNonce]]
+ NoncedElement
's nonce
attribute is
- set or changed, set the element's [[CryptographicNonce]] to the specified new
- value.NoncedElement
becomes browsing-context connected, the
user agent must executing the following steps on the element:
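Review bot: the grammar error from the previous commit survives in this context line: "the user agent must executing the following steps" should be "must execute the following steps". The surrounding lines are already being touched for the re-wrap of the "set or changed" sentence, so fix it in the same hunk rather than leaving it for a follow-up.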