LibWeb: Implement HTMLOrSVGElement.nonce

There are two FIXMEs remaining that depend on a functional PolicyContainer, which we ignore for now and always behave like a CSP is set.
Author: https://github.com/gmta Commit: 84fe8d675b Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/2036 Reviewed-by: https://github.com/tcl3
2025-07-28 11:49:44 +00:00 · 2024-10-29 13:27:01 +01:00 · 2024-10-29 13:27:01 +01:00 · 84fe8d675b · 2024-10-31 09:47:17 +00:00
commit 84fe8d675b
parent 8dcab69779
12 changed files with 174 additions and 7 deletions
--- a/Userland/Libraries/LibWeb/HTML/HTMLOrSVGElement.cpp
+++ b/Userland/Libraries/LibWeb/HTML/HTMLOrSVGElement.cpp
@ -56,6 +56,61 @@ void HTMLOrSVGElement<ElementBase>::blur()
    // User agents may selectively or uniformly ignore calls to this method for usability reasons.
 }

+// https://html.spec.whatwg.org/#dom-noncedelement-nonce
+template<typename ElementBase>
+void HTMLOrSVGElement<ElementBase>::attribute_change_steps(FlyString const& local_name, Optional<String> const&, Optional<String> const& value, Optional<FlyString> const& namespace_)
+{
+    // 1. If element does not include HTMLOrSVGElement, then return.
+    // 2. If localName is not nonce or namespace is not null, then return.
+    if (local_name != HTML::AttributeNames::nonce || namespace_.has_value())
+        return;
+
+    // 3. If value is null, then set element's [[CryptographicNonce]] to the empty string.
+    if (!value.has_value()) {
+        m_cryptographic_nonce = {};
+    }
+
+    // 4. Otherwise, set element's [[CryptographicNonce]] to value.
+    else {
+        m_cryptographic_nonce = value.value();
+    }
+}
+
+// https://html.spec.whatwg.org/#dom-noncedelement-nonce
+template<typename ElementBase>
+WebIDL::ExceptionOr<void> HTMLOrSVGElement<ElementBase>::cloned(DOM::Node& copy, bool)
+{
+    // The cloning steps for elements that include HTMLOrSVGElement must set the
+    // [[CryptographicNonce]] slot on the copy to the value of the slot on the element being cloned.
+    static_cast<ElementBase&>(copy).m_cryptographic_nonce = m_cryptographic_nonce;
+    return {};
+}
+
+// https://html.spec.whatwg.org/#dom-noncedelement-nonce
+template<typename ElementBase>
+void HTMLOrSVGElement<ElementBase>::inserted()
+{
+    // Whenever an element including HTMLOrSVGElement becomes browsing-context connected, the user
+    // agent must execute the following steps on the element:
+    DOM::Element& element = *static_cast<ElementBase*>(this);
+
+    // FIXME: 1. Let CSP list be element's shadow-including root's policy container's CSP list.
+    [[maybe_unused]] auto policy_container = element.shadow_including_root().document().policy_container();
+
+    // FIXME: 2. If CSP list contains a header-delivered Content Security Policy, and element has a
+    //           nonce content attribute attr whose value is not the empty string, then:
+    if (true && element.has_attribute(HTML::AttributeNames::nonce)) {
+        // 2.1. Let nonce be element's [[CryptographicNonce]].
+        auto nonce = m_cryptographic_nonce;
+
+        // 2.2. Set an attribute value for element using "nonce" and the empty string.
+        element.set_attribute_value(HTML::AttributeNames::nonce, {});
+
+        // 2.3. Set element's [[CryptographicNonce]] to nonce.
+        m_cryptographic_nonce = nonce;
+    }
+}
+
 template<typename ElementBase>
 void HTMLOrSVGElement<ElementBase>::visit_edges(JS::Cell::Visitor& visitor)
 {