diff --git a/sections/attributes.include b/sections/attributes.include index 49b875f3ef..e5726a5423 100644 --- a/sections/attributes.include +++ b/sections/attributes.include @@ -542,7 +542,7 @@
nonce
media
— Applicable medianonce
— Cryptographic nonce used in Content Security Policy checks [[CSP3]]hreflang
— Language of the linked resourcetype
— Hint for the type of the referenced resourcesizes
— Sizes of the icons (for <{link/rel}>="icon
")The nonce
attribute represents a
+ cryptographic nonce ("number used once") which can be used by Content Security Policy
+ to determine whether or not an external resource specified by the link will be loaded and applied
+ to the document. The value is text. [[CSP3]]
crossorigin
attribute is a
CORS settings attribute. It is intended for use with external resource links.
@@ -490,7 +496,9 @@
url and corsAttributeState.
5. Set request's client to the <{link}> element's node document's
{{Window}} object's environment settings object.
- 6. Fetch request.
+ 6. Set request's cryptographic
+ nonce metadata to the current state of the <{link}> element's <{link/nonce}> content attribute.
+ 7. Fetch request.
User agents may opt to only try to obtain such resources when they are needed, instead of
pro-actively fetching all the external resources that are not applied.
@@ -667,6 +675,7 @@
rel
,
rev
,
media
,
+ nonce
,
hreflang
,
type
, and
sizes
each must reflect the