LibWeb: Track if element was created from token with dupe attributes

This is required for CSP to ignore the nonce attribute to prevent duplicate attributes hijacking the attribute. See https://w3c.github.io/webappsec-csp/#security-nonce-hijacking
Author: https://github.com/Lubrsi Commit: 2368641de5 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/5328 Reviewed-by: https://github.com/ADKaster ✅
2025-10-31 21:30:58 +00:00 · 2024-12-02 12:33:52 +00:00 · 2024-12-02 12:33:52 +00:00 · 2368641de5 · 2025-07-09 21:54:13 +00:00
commit 2368641de5
parent b6b030aa43
5 changed files with 27 additions and 0 deletions
--- a/Libraries/LibWeb/HTML/Parser/HTMLParser.cpp
+++ b/Libraries/LibWeb/HTML/Parser/HTMLParser.cpp
@ -816,6 +816,11 @@ GC::Ref<DOM::Element> HTMLParser::create_element_for(HTMLToken const& token, Opt
    // 9. Let element be the result of creating an element given document, localName, given namespace, null, is, and willExecuteScript.
    auto element = create_element(*document, local_name, namespace_, {}, is_value, will_execute_script).release_value_but_fixme_should_propagate_errors();

+    // AD-HOC: See AD-HOC comment on Element.m_had_duplicate_attribute_during_tokenization about why this is done.
+    if (token.had_duplicate_attribute()) {
+        element->set_had_duplicate_attribute_during_tokenization({});
+    }
+
    // AD-HOC: Let <link> elements know which document they were originally parsed for.
    //         This is used for the render-blocking logic.
    if (local_name == HTML::TagNames::link && namespace_ == Namespace::HTML) {