Default tab index for math

content-security-policy/nonce-hiding/mathmlscript-nonces-hidden-meta.tentative.sub.html

@@ -0,0 +1,116 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<meta http-equiv="content-security-policy" content="script-src 'nonce-abc'; img-src 'none'">
+
+<body>
+<!-- Basics -->
+<svg xmlns="http://www.w3.org/2000/svg">
+  <script nonce="abc" id="testScript">
+    document.currentScript.setAttribute('executed', 'yay');
+  </script>
+</svg>
+
+<script nonce="abc">
+    var script = document.querySelector('#testScript');
+
+    test(t => {
+      // Query Selector
+      assert_equals(document.querySelector('[nonce]'), script);
+      assert_equals(document.querySelector('[nonce=""]'), null);
+      assert_equals(document.querySelector('[nonce=abc]'), script);
+
+      assert_equals(script.getAttribute('nonce'), 'abc');
+      assert_equals(script.nonce, 'abc');
+    }, "Reading 'nonce' content attribute and IDL attribute.");
+
+    // Clone node.
+    test(t => {
+      script.setAttribute('executed', 'boo');
+      var s2 = script.cloneNode();
+      assert_equals(s2.nonce, 'abc', 'IDL attribute');
+      assert_equals(s2.getAttribute('nonce'), 'abc');
+    }, "Cloned node retains nonce.");
+
+    async_test(t => {
+      var s2 = script.cloneNode();
+      document.head.appendChild(s2);
+      assert_equals(s2.nonce, 'abc');
+      assert_equals(s2.getAttribute('nonce'), 'abc');
+
+      window.addEventListener('load', t.step_func_done(_ => {
+        // The cloned script won't execute, as its 'already started' flag is set.
+        assert_equals(s2.getAttribute('executed'), 'boo');
+      }));
+    }, "Cloned node retains nonce when inserted.");
+
+    // Set the content attribute to 'foo'
+    test(t => {
+      script.setAttribute('nonce', 'foo');
+      assert_equals(script.getAttribute('nonce'), 'foo');
+      assert_equals(script.nonce, 'abc');
+    }, "Writing 'nonce' content attribute.");
+
+    // Set the IDL attribute to 'bar'
+    test(t => {
+      script.nonce = 'bar';
+      assert_equals(script.nonce, 'bar');
+      assert_equals(script.getAttribute('nonce'), 'foo');
+    }, "Writing 'nonce' IDL attribute.");
+
+    // Fragment parser.
+    var documentWriteTest = async_test("Document-written script executes.");
+    document.write(`<svg xmlns="http://www.w3.org/2000/svg"><script nonce='abc'>
+      documentWriteTest.done();
+      test(t => {
+        var script = document.currentScript;
+        assert_equals(script.getAttribute('nonce'), 'abc');
+        assert_equals(script.nonce, 'abc');
+      }, "Document-written script's nonce value.");
+    </scr` + `ipt></svg>`);
+
+    // Create node.
+    test(t => {
+      var s = document.createElement('svg');
+      var innerScript = document.createElement('innerScript');
+      innerScript.innerText = script.innerText;
+      innerScript.nonce = 'abc';
+      s.appendChild(innerScript);
+      document.body.appendChild(s);
+      assert_equals(innerScript.nonce, 'abc');
+      assert_equals(innerScript.getAttribute('nonce'), null, 'innerScript.getAttribute nonce');
+    }, "createElement.nonce.");
+
+    // Create node.
+    test(t => {
+      var s = document.createElement('svg');
+      var innerScript = document.createElement('script');
+      innerScript.innerText = script.innerText;
+      innerScript.setAttribute('nonce', 'abc');
+      assert_equals(innerScript.getAttribute('nonce'), 'abc', "Pre-insertion content");
+      assert_equals(innerScript.nonce, 'abc', "Pre-insertion IDL");
+      s.appendChild(innerScript);
+      document.body.appendChild(s);
+      assert_equals(innerScript.nonce, 'abc', "Post-insertion IDL");
+      assert_equals(innerScript.getAttribute('nonce'), 'abc', "Post-insertion content");
+    }, "createElement.setAttribute.");
+</script>
+
+<!-- CSS Leakage -->
+<style>
+    #cssTest { display: block; }
+    #cssTest[nonce=abc] { background: url(/security/resources/abe.png); }
+</style>
+<svg xmlns="http://www.w3.org/2000/svg">
+  <script nonce="abc" id="cssTest">
+      async_test(t => {
+        requestAnimationFrame(t.step_func_done(_ => {
+          var script = document.querySelector('#cssTest');
+          var style = getComputedStyle(script);
+          assert_equals(style['display'], 'block');
+          assert_equals(style['background-image'], "url(\"http://{{domains[]}}:{{ports[http][0]}}/security/resources/abe.png\")");
+        }));
+      }, "Nonces don't leak via CSS side-channels.");
+  </script>
+</svg>

content-security-policy/nonce-hiding/mathmlscript-nonces-hidden.tentative.html

@@ -0,0 +1,117 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js" nonce="abc"></script>
+<script src="/resources/testharnessreport.js" nonce="abc"></script>
+
+<!-- `Content-Security-Policy: script-src 'nonce-abc'; img-src 'none'` delivered via headers -->
+
+<body>
+<!-- Basics -->
+
+<math xmlns="http://www.w3.org/1998/Math/MathML">
+  <script nonce="abc" id="testScript">
+    document.currentScript.setAttribute('executed', 'yay');
+  </script>
+</math>
+
+<script nonce="abc">
+    var script = document.querySelector('#testScript');
+
+    test(t => {
+      // Query Selector
+      assert_equals(document.querySelector('body [nonce]'), script);
+      assert_equals(document.querySelector('body [nonce=""]'), script);
+      assert_equals(document.querySelector('body [nonce=abc]'), null);
+
+      assert_equals(script.getAttribute('nonce'), '');
+      assert_equals(script.nonce, 'abc');
+    }, "Reading 'nonce' content attribute and IDL attribute.");
+
+    // Clone node.
+    test(t => {
+      script.setAttribute('executed', 'boo');
+      var s2 = script.cloneNode();
+      assert_equals(s2.nonce, 'abc', 'IDL attribute');
+      assert_equals(s2.getAttribute('nonce'), '');
+    }, "Cloned node retains nonce.");
+
+    async_test(t => {
+      var s2 = script.cloneNode();
+      document.head.appendChild(s2);
+      assert_equals(s2.nonce, 'abc');
+      assert_equals(s2.getAttribute('nonce'), '');
+
+      window.addEventListener('load', t.step_func_done(_ => {
+        // The cloned script won't execute, as its 'already started' flag is set.
+        assert_equals(s2.getAttribute('executed'), 'boo');
+      }));
+    }, "Cloned node retains nonce when inserted.");
+
+    // Set the content attribute to 'foo'
+    test(t => {
+      script.setAttribute('nonce', 'foo');
+      assert_equals(script.getAttribute('nonce'), 'foo');
+      assert_equals(script.nonce, 'abc');
+    }, "Writing 'nonce' content attribute.");
+
+    // Set the IDL attribute to 'bar'
+    test(t => {
+      script.nonce = 'bar';
+      assert_equals(script.nonce, 'bar');
+      assert_equals(script.getAttribute('nonce'), 'foo');
+    }, "Writing 'nonce' IDL attribute.");
+
+    // Fragment parser.
+    var documentWriteTest = async_test("Document-written script executes.");
+    document.write(`<svg xmlns="http://www.w3.org/2000/svg"><script nonce='abc'>
+      documentWriteTest.done();
+      test(t => {
+        var script = document.currentScript;
+        assert_equals(script.getAttribute('nonce'), '');
+        assert_equals(script.nonce, 'abc');
+      }, "Document-written script's nonce value.");
+    </scr` + `ipt></svg>`);
+
+    // Create node.
+    test(t => {
+      var s = document.createElement('svg');
+      var innerScript = document.createElement('script');
+      innerScript.innerText = script.innerText;
+      innerScript.nonce = 'abc';
+      s.appendChild(innerScript);
+      document.body.appendChild(s);
+      assert_equals(innerScript.nonce, 'abc');
+      assert_equals(innerScript.getAttribute('nonce'), null);
+    }, "createElement.nonce.");
+
+    // Create node.
+    test(t => {
+      var s = document.createElement('svg');
+      var innerScript = document.createElement('script');
+      innerScript.innerText = script.innerText;
+      innerScript.setAttribute('nonce', 'abc');
+      assert_equals(innerScript.getAttribute('nonce'), 'abc', "Pre-insertion content");
+      assert_equals(innerScript.nonce, 'abc', "Pre-insertion IDL");
+      s.appendChild(innerScript);
+      document.body.appendChild(s);
+      assert_equals(innerScript.nonce, 'abc', "Post-insertion IDL");
+      assert_equals(innerScript.getAttribute('nonce'), '', "Post-insertion content");
+    }, "createElement.setAttribute.");
+</script>
+
+<!-- CSS Leakage -->
+<style>
+    #cssTest { display: block; }
+    #cssTest[nonce=abc] { background: url(/security/resources/abe.png); }
+</style>
+<svg xmlns="http://www.w3.org/2000/svg">
+  <script nonce="abc" id="cssTest">
+      async_test(t => {
+        requestAnimationFrame(t.step_func_done(_ => {
+          var script = document.querySelector('#cssTest');
+          var style = getComputedStyle(script);
+          assert_equals(style['display'], 'block');
+          assert_equals(style['background-image'], 'none');
+        }));
+      }, "Nonces don't leak via CSS side-channels.");
+  </script>
+</svg>

content-security-policy/nonce-hiding/mathmlscript-nonces-hidden.tentative.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: script-src 'nonce-abc'; img-src 'none'

mathml/relations/html5-tree/autofocus.html

@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js" nonce="abc"></script>
+<script src="/resources/testharnessreport.js" nonce="abc"></script>
+<style>
+    mrow { background: red; }
+   :focus { background: blue;  }</style>
+<body>
+    <p>The box should be blue</p>
+    <math>
+      <mrow id="link" href="#target" tabindex="0" autofocus>
+        <mspace id="space" width="150px" height="150px" style="background: transparent;"/>
+      </mrow>
+    </math>
+
+
+    <script>
+        async_test(t => {
+          window.addEventListener('load', t.step_func_done(_ => { 
+            assert_equals(document.activeElement, link);
+          }));
+        }, "a mrow with an href can be autofocused");
+    </script>
+</body>
+</html>

mathml/relations/html5-tree/tabindex-001.html

@@ -6,38 +6,69 @@
 <link rel="help" href="https://mathml-refresh.github.io/mathml-core/#css-styling">
 <link rel="help" href="https://mathml-refresh.github.io/mathml-core/#the-top-level-math-element">
 <meta name="assert" content="Verify default values for the tabIndex attribute">
+<script src="/mathml/support/mathml-fragments.js"></script>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script>
   window.addEventListener("load", function() {
-      test(() => {
-          const mrow = document.getElementById('mrow');
-          assert_equals(mrow.tabIndex, -1, "no attribute");
-          mrow.setAttribute("tabindex", "invalid");
-          assert_equals(mrow.getAttribute("tabindex"), "invalid");
-          assert_equals(mrow.tabIndex, -1, "invalid");
-          mrow.setAttribute("tabindex", "9999999999");
-          assert_equals(mrow.getAttribute("tabindex"), "9999999999");
-          assert_equals(mrow.tabIndex, -1, "too large integer");
-      }, "default and invalid values on mrow");
-      test(() => {
-          const mrowLink = document.getElementById('mrow-link');
-          assert_equals(mrow.tabIndex, 0, "no attribute");
-          mrow.setAttribute("tabindex", "invalid");
-          assert_equals(mrow.getAttribute("tabindex"), "invalid");
-          assert_equals(mrow.tabIndex, 0, "invalid");
-          mrow.setAttribute("tabindex", "9999999999");
-          assert_equals(mrow.getAttribute("tabindex"), "9999999999");
-          assert_equals(mrow.tabIndex, 0, "too large integer");
-      }, "default and invalid values on MathML link");
+      const mathEl = document.querySelector('math')
+
+      Object.keys(MathMLFragments).forEach(elName => {
+
+        mathEl.innerHTML = `
+          <${elName} id="el" onfocus="alert('fail')"></${elName}>
+          <${elName} id="el-link" href="javascript:alert('fail')" onfocus="alert('fail')"></${elName}>
+        `;
+
+        const htmlLinkableElements = 
+          new Set([
+            'mi', 'mo', 'mn', 'ms', 'mtext', 'mrow'
+          ]);
+
+        const el = mathEl.querySelector('#el');
+        const elLink = mathEl.querySelector('#el-link');
+
+        const expectTabIndex = function (expected) {
+          assert_equals(el.tabIndex, expected, "no attribute");
+          assert_equals(elLink.tabIndex, expected, "no attribute");
+
+          el.setAttribute("tabindex", "invalid");
+          elLink.setAttribute("tabindex", "invalid");
+
+          assert_equals(el.getAttribute("tabindex"), "invalid");
+          assert_equals(elLink.getAttribute("tabindex"), "invalid");
+
+          assert_equals(el.tabIndex, expected, "invalid");
+          assert_equals(elLink.tabIndex, expected, "invalid");
+
+          el.setAttribute("tabindex", "9999999999");
+          elLink.setAttribute("tabindex", "9999999999");
+
+
+          assert_equals(el.getAttribute("tabindex"), "9999999999");
+          assert_equals(elLink.getAttribute("tabindex"), "9999999999");
+
+
+          assert_equals(el.tabIndex, expected, "too large integer");
+          assert_equals(elLink.tabIndex, expected, "too large integer");
+
+        }
+        if (htmlLinkableElements.has(elName)) {
+          test(function() {
+              expectTabIndex(0);
+          }, "default and invalid values on MathML link");
+        } else {
+          test(function() {
+              expectTabIndex(1);
+          }, "default and invalid values on non-linkable MathML element"); 
+        }
+      });
   });
 </script>
 </head>
 <body>
   <div id="log"></div>
   <math>
-    <mrow id="mrow" onfocus="alert('fail')"></mrow>
-    <mrow id="mrow-link" href="javascript:alert('fail')" onfocus="alert('fail')"></mrow>
   </math>
 </body>
 </html>