Is-element-nonceable should check if the attribute's name |contains| …

…<script/<style> (#636) SHA: 459f886 Reason: push, by mozfreddyb Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
w3c · Jan 15, 2024 · cc9a860 · cc9a860
1 parent acf957e
commit cc9a860
Showing 1 changed file with 8 additions and 10 deletions.
diff --git a/index.html b/index.html
@@ -7,7 +7,7 @@
   <link href="https://www.w3.org/StyleSheets/TR/2021/W3C-WD" rel="stylesheet">
   <meta content="Bikeshed version 82ce88815, updated Thu Sep 7 16:33:55 2023 -0700" name="generator">
   <link href="https://www.w3.org/TR/CSP3/" rel="canonical">
-  <meta content="aba284c2895ee1084ecfbcde72cecab18b34c0e3" name="document-revision">
+  <meta content="459f8862f116cf7475598235812d4acf854a41e2" name="document-revision">
 <style>
   ul.toc ul ul ul {
     margin: 0 0 0 2em;
@@ -702,13 +702,13 @@
   <div class="head">
    <p data-fill-with="logo"><a class="logo" href="https://www.w3.org/"> <img alt="W3C" height="48" src="https://www.w3.org/StyleSheets/TR/2021/logos/W3C" width="72"> </a> </p>
    <h1>Content Security Policy Level 3</h1>
-   <p id="w3c-state"><a href="https://www.w3.org/standards/types#WD">W3C Working Draft</a>, <time class="dt-updated" datetime="2023-12-06">6 December 2023</time></p>
+   <p id="w3c-state"><a href="https://www.w3.org/standards/types#WD">W3C Working Draft</a>, <time class="dt-updated" datetime="2024-01-15">15 January 2024</time></p>
    <details open>
     <summary>More details about this document</summary>
     <div data-fill-with="spec-metadata">
      <dl>
       <dt>This version:
-      <dd><a class="u-url" href="https://www.w3.org/TR/2023/WD-CSP3-20231206/">https://www.w3.org/TR/2023/WD-CSP3-20231206/</a>
+      <dd><a class="u-url" href="https://www.w3.org/TR/2024/WD-CSP3-20240115/">https://www.w3.org/TR/2024/WD-CSP3-20240115/</a>
       <dt>Latest published version:
       <dd><a href="https://www.w3.org/TR/CSP3/">https://www.w3.org/TR/CSP3/</a>
       <dt>Editor's Draft:
@@ -729,7 +729,7 @@ <h1>Content Security Policy Level 3</h1>
     </div>
    </details>
    <div data-fill-with="warning"></div>
-   <p class="copyright" data-fill-with="copyright"><a href="https://www.w3.org/policies/#copyright">Copyright</a> © 2023 <a href="https://www.w3.org/">World Wide Web Consortium</a>. <abbr title="World Wide Web Consortium">W3C</abbr><sup>®</sup> <a href="https://www.w3.org/policies/#Legal_Disclaimer">liability</a>, <a href="https://www.w3.org/policies/#W3C_Trademarks">trademark</a> and <a href="https://www.w3.org/copyright/software-license/" rel="license" title="W3C Software and Document License">permissive document license</a> rules apply. </p>
+   <p class="copyright" data-fill-with="copyright"><a href="https://www.w3.org/policies/#copyright">Copyright</a> © 2024 <a href="https://www.w3.org/">World Wide Web Consortium</a>. <abbr title="World Wide Web Consortium">W3C</abbr><sup>®</sup> <a href="https://www.w3.org/policies/#Legal_Disclaimer">liability</a>, <a href="https://www.w3.org/policies/#W3C_Trademarks">trademark</a> and <a href="https://www.w3.org/copyright/software-license/" rel="license" title="W3C Software and Document License">permissive document license</a> rules apply. </p>
    <hr title="Separator for header">
   </div>
   <div class="p-summary" data-fill-with="abstract">
@@ -4068,13 +4068,11 @@ <h5 class="heading settled algorithm" data-algorithm="Is element nonceable?" dat
       <p>If <var>element</var> is a <code><a data-link-type="element" href="https://html.spec.whatwg.org/multipage/scripting.html#script" id="ref-for-script⑥">script</a></code> element, then <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#list-iterate" id="ref-for-list-iterate③③">for each</a> <var>attribute</var> of <var>element</var>’s <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-element-attribute" id="ref-for-concept-element-attribute">attribute list</a>:</p>
       <ol>
        <li data-md>
-        <p>If <var>attribute</var>’s name is an <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#ascii-case-insensitive" id="ref-for-ascii-case-insensitive①⑦">ASCII case-insensitive</a> match for
-  the string "<code>&lt;script</code>" or the string
-  "<code>&lt;style</code>", return "<code>Not Nonceable</code>".</p>
+        <p>If <var>attribute</var>’s name contains an <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#ascii-case-insensitive" id="ref-for-ascii-case-insensitive①⑦">ASCII case-insensitive</a> match for
+  "<code>&lt;script</code>" or "<code>&lt;style</code>", return "<code>Not Nonceable</code>".</p>
        <li data-md>
-        <p>If <var>attribute</var>’s value contains an <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#ascii-case-insensitive" id="ref-for-ascii-case-insensitive①⑧">ASCII case-insensitive</a> match
-  the string "<code>&lt;script</code>" or the string
-  "<code>&lt;style</code>", return "<code>Not Nonceable</code>".</p>
+        <p>If <var>attribute</var>’s value contains an <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#ascii-case-insensitive" id="ref-for-ascii-case-insensitive①⑧">ASCII case-insensitive</a> match for
+  "<code>&lt;script</code>" or "<code>&lt;style</code>", return "<code>Not Nonceable</code>".</p>
       </ol>
      <li data-md>
       <p>If <var>element</var> had a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/parsing.html#parse-error-duplicate-attribute" id="ref-for-parse-error-duplicate-attribute">duplicate-attribute</a> <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/images.html#concept-microsyntax-parse-error" id="ref-for-concept-microsyntax-parse-error">parse error</a> during tokenization, return