Bug 192667

Summary: Implement duplicate attribute flag on script elements (needed for CSP)
Product: WebKit Reporter: Andy Paicu <andypaicu>
Component: DOMAssignee: Nobody <webkit-unassigned>
Status: RESOLVED CONFIGURATION CHANGED    
Severity: Normal CC: bfulgham, cdumez, dbates
Priority: P2    
Version: WebKit Nightly Build   
Hardware: All   
OS: All   

Andy Paicu
Reported 2018-12-13 09:02:58 PST
After this PR https://github.com/whatwg/html/pull/4223, the <script> element will need to record in a flag whether a duplicate attribute was found during parsing. This flag is then used in this CSP check: https://w3c.github.io/webappsec-csp/#is-element-nonceable (after this PR lands: https://github.com/w3c/webappsec-csp/pull/377) WPT test: https://github.com/web-platform-tests/wpt/blob/master/content-security-policy/script-src/nonce-enforce-blocked.html
Attachments
Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2022-07-01 16:12:40 PDT
We now correctly handle this test case.
Note You need to log in before you can comment on or make changes to this bug.