diff --git a/Libraries/LibWeb/HTML/HTMLOrSVGElement.cpp b/Libraries/LibWeb/HTML/HTMLOrSVGElement.cpp
index df7c5361c82..9170ffbb44b 100644
--- a/Libraries/LibWeb/HTML/HTMLOrSVGElement.cpp
+++ b/Libraries/LibWeb/HTML/HTMLOrSVGElement.cpp
@@ -4,6 +4,7 @@
* SPDX-License-Identifier: BSD-2-Clause
*/
+#include
#include
#include
#include
@@ -100,12 +101,12 @@ void HTMLOrSVGElement::inserted()
if (!element.shadow_including_root().is_browsing_context_connected())
return;
- // FIXME: 1. Let CSP list be element's shadow-including root's policy container's CSP list.
- [[maybe_unused]] auto policy_container = element.shadow_including_root().document().policy_container();
+ // 1. Let CSP list be element's shadow-including root's policy container's CSP list.
+ auto csp_list = element.shadow_including_root().document().policy_container()->csp_list;
- // FIXME: 2. If CSP list contains a header-delivered Content Security Policy, and element has a
- // nonce content attribute whose value is not the empty string, then:
- if (true && element.has_attribute(HTML::AttributeNames::nonce)) {
+ // 2. If CSP list contains a header-delivered Content Security Policy, and element has a
+ // nonce content attribute whose value is not the empty string, then:
+ if (csp_list->contains_header_delivered_policy() && element.has_attribute(HTML::AttributeNames::nonce)) {
// 2.1. Let nonce be element's [[CryptographicNonce]].
auto nonce = m_cryptographic_nonce;
diff --git a/Tests/LibWeb/Text/expected/HTML/HTMLOrSVGElement-nonce.txt b/Tests/LibWeb/Text/expected/HTML/HTMLOrSVGElement-nonce.txt
index 27b0a1735e0..f24f54d80e3 100644
--- a/Tests/LibWeb/Text/expected/HTML/HTMLOrSVGElement-nonce.txt
+++ b/Tests/LibWeb/Text/expected/HTML/HTMLOrSVGElement-nonce.txt
@@ -5,7 +5,7 @@ nonce: "456" attribute: 456;
nonce: "null" attribute: 456;
insertion
nonce: "foo" attribute: foo;
-nonce: "foo" attribute: ;
+nonce: "foo" attribute: foo;
cloning
nonce: "bar" attribute: bar;
nonce: "bar" attribute: bar;