Add crossorigin attribute and implement step 14 of prepare a script

Add WPT test for HTMLScriptElement crossOrigin IDL attribute

components/script/dom/htmlscriptelement.rs

@@ -5,6 +5,7 @@
 use document_loader::LoadType;
 use dom::attr::Attr;
 use dom::bindings::cell::DOMRefCell;
+use dom::bindings::codegen::Bindings::AttrBinding::AttrMethods;
 use dom::bindings::codegen::Bindings::DocumentBinding::DocumentMethods;
 use dom::bindings::codegen::Bindings::HTMLScriptElementBinding;
 use dom::bindings::codegen::Bindings::HTMLScriptElementBinding::HTMLScriptElementMethods;
@@ -30,6 +31,7 @@ use ipc_channel::ipc;
 use ipc_channel::router::ROUTER;
 use js::jsval::UndefinedValue;
 use net_traits::{AsyncResponseListener, AsyncResponseTarget, Metadata, NetworkError};
+use net_traits::request::CORSSettings;
 use network_listener::{NetworkListener, PreInvoke};
 use std::ascii::AsciiExt;
 use std::cell::Cell;
@@ -358,6 +360,7 @@ impl HTMLScriptElement {
 
                 true
             },
+            // TODO: Step 19.
             None => false,
         };
 
@@ -652,6 +655,32 @@ impl HTMLScriptElementMethods for HTMLScriptElement {
     // https://html.spec.whatwg.org/multipage/#dom-script-htmlfor
     make_setter!(SetHtmlFor, "for");
 
+    // https://html.spec.whatwg.org/multipage/#dom-script-crossorigin
+    fn GetCrossOrigin(&self) -> Option<DOMString> {
+        let element = self.upcast::<Element>();
+        let attr = element.get_attribute(&ns!(), &atom!("crossorigin"));
+
+        if let Some(mut val) = attr.map(|v| v.Value()) {
+            val.make_ascii_lowercase();
+            if val == "anonymous" || val == "use-credentials" {
+                return Some(val);
+            }
+            return Some(DOMString::from("anonymous"));
+        }
+        None
+    }
+
+    // https://html.spec.whatwg.org/multipage/#dom-script-crossorigin
+    fn SetCrossOrigin(&self, value: Option<DOMString>) {
+        let element = self.upcast::<Element>();
+        match value {
+            Some(val) => element.set_string_attribute(&atom!("crossorigin"), val),
+            None => {
+                element.remove_attribute(&ns!(), &atom!("crossorigin"));
+            }
+        }
+    }
+
     // https://html.spec.whatwg.org/multipage/#dom-script-text
     fn Text(&self) -> DOMString {
         Node::collect_text_contents(self.upcast::<Node>().children())

components/script/dom/webidls/HTMLScriptElement.webidl

@@ -10,7 +10,7 @@ interface HTMLScriptElement : HTMLElement {
            attribute DOMString charset;
   //         attribute boolean async;
            attribute boolean defer;
-  //         attribute DOMString crossOrigin;
+           attribute DOMString? crossOrigin;
            [Pure]
            attribute DOMString text;
 

tests/wpt/metadata/MANIFEST.json

@@ -37505,6 +37505,18 @@
             "path": "html/semantics/forms/the-input-element/minlength.html",
             "url": "/html/semantics/forms/the-input-element/minlength.html"
           }
+        ],
+        "html/semantics/scripting-1/the-script-element/script-crossorigin-network.html": [
+          {
+            "path": "html/semantics/scripting-1/the-script-element/script-crossorigin-network.html",
+            "url": "/html/semantics/scripting-1/the-script-element/script-crossorigin-network.html"
+          }
+        ],
+        "html/semantics/scripting-1/the-script-element/script-crossorigin.html": [
+          {
+            "path": "html/semantics/scripting-1/the-script-element/script-crossorigin.html",
+            "url": "/html/semantics/scripting-1/the-script-element/script-crossorigin.html"
+          }
         ]
       }
     },

tests/wpt/metadata/html/dom/interfaces.html.ini

@@ -4359,15 +4359,9 @@
   [HTMLScriptElement interface: attribute async]
     expected: FAIL
 
-  [HTMLScriptElement interface: attribute crossOrigin]
-    expected: FAIL
-
   [HTMLScriptElement interface: document.createElement("script") must inherit property "async" with the proper type (3)]
     expected: FAIL
 
-  [HTMLScriptElement interface: document.createElement("script") must inherit property "crossOrigin" with the proper type (5)]
-    expected: FAIL
-
   [HTMLCanvasElement interface: operation probablySupportsContext(DOMString,any)]
     expected: FAIL
 

tests/wpt/metadata/html/dom/reflection-misc.html.ini

@@ -1317,222 +1317,6 @@
   [script.tabIndex: IDL set to -2147483648 followed by getAttribute()]
     expected: FAIL
 
-  [script.crossOrigin: typeof IDL attribute]
-    expected: FAIL
-
-  [script.crossOrigin: IDL get with DOM attribute unset]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to "" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f  foo " followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to undefined followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to 7 followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to 1.5 followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to true followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to false followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to object "[object Object\]" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to NaN followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to Infinity followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to -Infinity followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to "\\0" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to null followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to object "test-toString" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to object "test-valueOf" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to "anonymous" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to "xanonymous" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to "anonymous\\0" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to "nonymous" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to "ANONYMOUS" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to "use-credentials" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to "xuse-credentials" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to "use-credentials\\0" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to "se-credentials" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: setAttribute() to "USE-CREDENTIALS" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "" followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f  foo " followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f  foo " followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to undefined followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to undefined followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to 7 followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to 7 followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to 1.5 followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to 1.5 followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to true followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to true followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to false followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to false followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to object "[object Object\]" followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to object "[object Object\]" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to NaN followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to NaN followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to Infinity followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to Infinity followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to -Infinity followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to -Infinity followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "\\0" followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "\\0" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to object "test-toString" followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to object "test-toString" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to object "test-valueOf" followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to object "test-valueOf" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "anonymous" followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "xanonymous" followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "xanonymous" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "anonymous\\0" followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "anonymous\\0" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "nonymous" followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "nonymous" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "ANONYMOUS" followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "ANONYMOUS" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "use-credentials" followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "xuse-credentials" followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "xuse-credentials" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "use-credentials\\0" followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "use-credentials\\0" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "se-credentials" followed by getAttribute()]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "se-credentials" followed by IDL get]
-    expected: FAIL
-
-  [script.crossOrigin: IDL set to "USE-CREDENTIALS" followed by IDL get]
-    expected: FAIL
-
   [script.itemScope: typeof IDL attribute]
     expected: FAIL
 
@@ -12447,6 +12231,3 @@
   [dialog.itemId: IDL set to object "test-valueOf" followed by IDL get]
     expected: FAIL
 
-  [script.crossOrigin: IDL set to null followed by getAttribute()]
-    expected: FAIL
-

tests/wpt/web-platform-tests/html/semantics/scripting-1/the-script-element/resources/cross-origin.py

@@ -0,0 +1,10 @@
+def main(request, response):
+    headers = [("Content-Type", "text/javascript")]
+    milk = request.cookies.first("milk", None)
+
+    if milk is None:
+        return headers, "var included = false;"
+    elif milk.value == "yes":
+        return headers, "var included = true;"
+
+    return headers, "var included = false;"

tests/wpt/web-platform-tests/html/semantics/scripting-1/the-script-element/script-crossorigin-network.html

@@ -0,0 +1,49 @@
+<!doctype html>
+<meta charset="utf-8">
+<title>HTMLScriptElement: crossorigin attribute network test</title>
+<link rel="author" title="KiChjang" href="mailto:kungfukeith11@gmail.com">
+<link rel="help" href="https://html.spec.whatwg.org/multipage/#cors-settings-attribute">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<body>
+  <script type="text/javascript">
+  var test1 = async_test(document.title + "1");
+  var test2 = async_test(document.title + "2");
+  var test3 = async_test(document.title + "3");
+
+  var script1 = document.createElement("script");
+  script1.src = "resources/cross-origin.py";
+  script1.crossOrigin = "use-credentials";
+  var script2 = document.createElement("script");
+  script2.src = "resources/cross-origin.py";
+  script2.crossOrigin = "gibberish";
+  var script3 = document.createElement("script");
+  script3.src = "resources/cross-origin.py";
+
+  document.cookie = "milk=yes";
+  document.body.appendChild(script1);
+  script1.onload = function() {
+    test1.step(function() {
+      assert_true(included, "credentials should be included in script request");
+      test1.done();
+    });
+  };
+
+  document.body.appendChild(script2);
+  script2.onload = function() {
+    test2.step(function() {
+      assert_true(included, "invalid values should default to include credentials due to response tainting");
+      test2.done();
+    });
+  };
+
+  document.body.appendChild(script3);
+  script3.onload = function() {
+    test3.step(function() {
+      assert_true(included, "missing value should default to include credentials");
+      test3.done();
+    });
+  };
+  </script>
+</body>