[CSP] Make SVGElement to handle "nonce" the same way as HTMLElement.

According to CSP, nonce are handled the same way for both HTMLElement and SVGElement. Both are setting the nonce when the Element is inserted, but only the HTMLElement was supporting "modifying" a nonce. It looks like a bug in Chrome found by annevk@: https://github.com/web-platform-tests/wpt/pull/21853 This patch fixes the issue. It was meant to fix the WPT test: - content-security-policy/nonce-hiding/nonces.html But it turns out it is also fixing two more tests - content-security-policy/nonce-hiding/svgscript-nonces-hidden.html - content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta-sub.html Bug: 1053496 Change-Id: I872cae74817bff2f5f910dcd7864fc97426c49cf Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2075340Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Cr-Commit-Position: refs/heads/master@{#746774}

[CSP] Make SVGElement to handle "nonce" the same way as HTMLElement.
According to CSP, nonce are handled the same way for both HTMLElement and SVGElement. Both are setting the nonce when the Element is inserted, but only the HTMLElement was supporting "modifying" a nonce. It looks like a bug in Chrome found by annevk@: https://github.com/web-platform-tests/wpt/pull/21853 This patch fixes the issue. It was meant to fix the WPT test: - content-security-policy/nonce-hiding/nonces.html But it turns out it is also fixing two more tests - content-security-policy/nonce-hiding/svgscript-nonces-hidden.html - content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta-sub.html Bug: 1053496 Change-Id: I872cae74817bff2f5f910dcd7864fc97426c49cf Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2075340Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Cr-Commit-Position: refs/heads/master@{#746774}
c70f3838 · arthursonzogni · Commit Bot · 722fa412 · c70f3838 · 722fa412
Commit c70f3838 authored Mar 04, 2020 by arthursonzogni Committed by Commit Bot Mar 04, 2020
4 changed files
--- a/third_party/blink/renderer/core/svg/svg_element.cc
+++ b/third_party/blink/renderer/core/svg/svg_element.cc
@@ -620,6 +620,12 @@ void SVGElement::ParseAttribute(const AttributeModificationParams& params) {
    return;
  }
+  // SVGElement and HTMLElement are handling "nonce" the same way.
+  if (params.name == html_names::kNonceAttr) {
+    if (params.new_value != g_empty_atom)
+      setNonce(params.new_value);
+  }
  const AtomicString& event_name =
      HTMLElement::EventNameForAttributeName(params.name);
  if (!event_name.IsNull()) {

--- a/third_party/blink/web_tests/external/wpt/content-security-policy/nonce-hiding/nonces-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/content-security-policy/nonce-hiding/nonces-expected.txt
-This is a testharness.js-based test.
-PASS Basic nonce tests for meh in HTML namespace
-PASS Ensure that removal of content attribute does not affect IDL attribute for meh in HTML namespace
-PASS Basic nonce tests for div in HTML namespace
-PASS Ensure that removal of content attribute does not affect IDL attribute for div in HTML namespace
-PASS Basic nonce tests for script in HTML namespace
-PASS Ensure that removal of content attribute does not affect IDL attribute for script in HTML namespace
-FAIL Basic nonce tests for meh in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected "x" but got ""
-FAIL Ensure that removal of content attribute does not affect IDL attribute for meh in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected "x" but got ""
-FAIL Basic nonce tests for svg in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected "x" but got ""
-FAIL Ensure that removal of content attribute does not affect IDL attribute for svg in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected "x" but got ""
-FAIL Basic nonce tests for script in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected "x" but got ""
-FAIL Ensure that removal of content attribute does not affect IDL attribute for script in SVG namespace assert_equals: IDL attribute is modified after content attribute set expected "x" but got ""
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/content-security-policy/nonce-hiding/svgscript-nonces-hidden-expected.txt
-This is a testharness.js-based test.
-PASS Reading 'nonce' content attribute and IDL attribute.
-PASS Cloned node retains nonce.
-PASS Cloned node retains nonce when inserted.
-FAIL Writing 'nonce' content attribute. assert_equals: expected "foo" but got "abc"
-PASS Writing 'nonce' IDL attribute.
-PASS Document-written script executes.
-PASS Document-written script's nonce value.
-PASS createElement.nonce.
-PASS createElement.setAttribute.
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/content-security-policy/nonce-hiding/svgscript-nonces-hidden-meta.sub-expected.txt
-This is a testharness.js-based test.
-PASS Reading 'nonce' content attribute and IDL attribute.
-PASS Cloned node retains nonce.
-PASS Cloned node retains nonce when inserted.
-FAIL Writing 'nonce' content attribute. assert_equals: expected "foo" but got "abc"
-PASS Writing 'nonce' IDL attribute.
-PASS Document-written script executes.
-PASS Document-written script's nonce value.
-PASS createElement.nonce.
-PASS createElement.setAttribute.
-Harness: the test ran to completion.