Skip to content

Commit

Permalink
Port nonce (w3c#604)
Browse files Browse the repository at this point in the history
* ported nonce on link

refer to whatwg/html#1820

* fixed link/nonce dfn

* code error forgot to close <a>

* updated nonce after mw review

w3c#604 (review)
  • Loading branch information
stevefaulkner authored and arronei committed Apr 17, 2017
1 parent c358105 commit bbb7ae0
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 2 deletions.
2 changes: 1 addition & 1 deletion sections/attributes.include
Original file line number Diff line number Diff line change
Expand Up @@ -542,7 +542,7 @@
</tr>
<tr>
<th><code>nonce</code></th>
<td><{script}>; <{style}></td>
<td><{link}>; <{script}>; <{style}></td>
<td>Cryptographic nonce used in <a>Content Security Policy</a> checks [[CSP3]]</td>
<td><a>Text</a></td>
</tr>
Expand Down
1 change: 1 addition & 0 deletions sections/elements.include
Original file line number Diff line number Diff line change
Expand Up @@ -763,6 +763,7 @@
<{link/crossorigin}>;
<{link/rel}>;
<{link/media}>;
<{link/nonce}>;
<{link/hreflang}>;
<{link/type}>;
<{link/sizes}></td>
Expand Down
11 changes: 10 additions & 1 deletion sections/semantics-document-metadata.include
Original file line number Diff line number Diff line change
Expand Up @@ -334,6 +334,7 @@
<dd><{link/rel}> — Relationship of this document (or subsection/topic) to the destination resource</dd>
<dd><{link/rev}> — <a>Reverse link</a> relationship of the destination resource to this document (or subsection/topic)</dd>
<dd><code>media</code> — Applicable media</dd>
<dd><code>nonce</code> — Cryptographic nonce used in Content Security Policy checks [[CSP3]]</dd>
<dd><code>hreflang</code> — Language of the linked resource</dd>
<dd><code>type</code> — Hint for the type of the referenced resource</dd>
<dd><code>sizes</code> — Sizes of the icons (for <{link/rel}>="<code>icon</code>")</dd>
Expand Down Expand Up @@ -466,6 +467,11 @@
which indicates that the current document is the table of contents document for every chapter.

</div>

<p>The <dfn element-attr for="link"><code>nonce</code></dfn> attribute represents a
cryptographic nonce ("number used once") which can be used by <cite>Content Security Policy</cite>
to determine whether or not an external resource specified by the link will be loaded and applied
to the document. The value is text. [[CSP3]]</p>

The <dfn element-attr for="link"><code>crossorigin</code></dfn> attribute is a
<a>CORS settings attribute</a>. It is intended for use with external resource links.
Expand All @@ -490,7 +496,9 @@
<var>url</var> and <var>corsAttributeState</var>.
5. Set <var>request</var>'s <a>client</a> to the <{link}> element's <a>node document</a>'s
{{Window}} object's <a>environment settings object</a>.
6. <a>Fetch</a> <var>request</var>.
6. Set <var>request</var>'s <span>cryptographic
nonce metadata</span> to the current state of the <{link}> element's <{link/nonce}> content attribute.
7. <a>Fetch</a> <var>request</var>.

User agents may opt to only try to obtain such resources when they are needed, instead of
pro-actively fetching all the external resources that are not applied.
Expand Down Expand Up @@ -667,6 +675,7 @@
<dfn attribute for="HTMLLinkElement"><code>rel</code></dfn>,
<dfn attribute for="HTMLLinkElement"><code>rev</code></dfn>,
<dfn attribute for="HTMLLinkElement"><code>media</code></dfn>,
<dfn attribute for="HTMLLinkElement"><code>nonce</code></dfn>,
<dfn attribute for="HTMLLinkElement"><code>hreflang</code></dfn>,
<dfn attribute for="HTMLLinkElement"><code>type</code></dfn>, and
<dfn attribute for="HTMLLinkElement"><code>sizes</code></dfn> each must <a>reflect</a> the
Expand Down

0 comments on commit bbb7ae0

Please sign in to comment.