Prevent [[CryptographicNonce]] from being emptied

source

@@ -2824,6 +2824,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
  <li><dfn data-x-href="https://heycam.github.io/webidl/#dfn-legacy-platform-object">legacy platform object</dfn></li>
  <li><dfn data-x-href="https://heycam.github.io/webidl/#dfn-primary-interface">primary interface</dfn></li>
  <li><dfn data-x-href="https://heycam.github.io/webidl/#dfn-interface-object">interface object</dfn></li>
+ <li><dfn data-x-href="https://heycam.github.io/webidl/#include">include</dfn></li>
  <li><dfn data-x-href="https://heycam.github.io/webidl/#dfn-interface-prototype-object">interface prototype object</dfn></li>
  <li><dfn data-x-href="https://heycam.github.io/webidl/#es-platform-objects">[[Realm]] field of a platform object</dfn></li>
  <li><dfn data-x-href="https://heycam.github.io/webidl/#dfn-callback-context">callback context</dfn></li>
@@ -7118,11 +7119,11 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
 
  <p>Elements that have a <code data-x="attr-nonce">nonce</code> content attribute ensure that the
  crytographic nonce is only exposed to script (and not to side-channels like CSS attribute
- selectors) by extracting the value from the content attribute, moving it into an internal slot
+ selectors) by taking the value from the content attribute, moving it into an internal slot
  named <dfn data-export="" data-dfn-for="HTMLOrSVGElement"
- data-dfn-type="attribute">[[CryptographicNonce]]</dfn>, and exposing it to script via the
- <code>HTMLOrSVGElement</code> interface mixin. Unless otherwise specified, the slot's value
- is the empty string.</p>
+ data-dfn-type="attribute">[[CryptographicNonce]]</dfn>, exposing it to script via the
+ <code>HTMLOrSVGElement</code> interface mixin, and setting the content attribute to the empty
+ string. Unless otherwise specified, the slot's value is the empty string.</p>
 
  <dl class="domintro">
  <dt><var>element</var> . <code data-x="">nonce</code></dt>
@@ -7147,12 +7148,26 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
  <a href="https://github.com/whatwg/html/issues/2369">issue #2369</a>, where this behavior was
  introduced.</p>
 
- <p>Whenever an element including <code>HTMLOrSVGElement</code> has its <code
- data-x="attr-nonce">nonce</code> attribute is set or changed, set this element's
- <span>[[CryptographicNonce]]</span> to the given value.</p>
+ <p>The following <span data-x="concept-element-attributes-change-ext">attribute change
+ steps</span> are used for the <code data-x="attr-nonce">nonce</code> content attribute:
+
+ <ol>
+ <li><p>If <var>element</var> does not <span>include</span> <code>HTMLOrSVGElement</code>, then
+ return.</p></li>
+
+ <li><p>If <var>localName</var> is not <code data-x="attr-nonce">nonce</code> or
+ <var>namespace</var> is not null, then return.</p></li>
 
- <p>Whenever an element including <code>HTMLOrSVGElement</code> <span>becomes browsing-context
- connected</span>, the user agent must execute the following steps on the <var>element</var>:</p>
+ <li><p>If <var>value</var> is null, then set <var>element</var>'s
+ <span>[[CryptographicNonce]]</span> to the empty string.</p></li>
+
+ <li><p>Otherwise, set <var>element</var>'s <span>[[CryptographicNonce]]</span> to
+ <var>value</var>.</p></li>
+ </ol>
+
+ <p>Whenever an element <span data-x="include">including</span> <code>HTMLOrSVGElement</code>
+ <span>becomes browsing-context connected</span>, the user agent must execute the following steps
+ on the <var>element</var>:</p>
 
  <ol>
  <li><p>Let <var>CSP list</var> be <var>element</var>'s <span data-x="shadow-including
@@ -7165,10 +7180,19 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
  <var>attr</var> whose value is not the empty string, then:</p>
 
  <ol>
+ <li><p>Let <var>nonce</var> be <var>element</var>'s
+ <span>[[CryptographicNonce]]</span>.</p></li>
+
  <li><p><span data-x="concept-element-attributes-set-value">Set an attribute value</span> for
  <var>element</var> using "<code data-x="attr-nonce">nonce</code>" and the empty
  string.</p></li>
+
+ <li><p>Set <var>element</var>'s <span>[[CryptographicNonce]]</span> to
+ <var>nonce</var>.</p></li>
  </ol>
+
+ <p class="note">If <var>element</var>'s <span>[[CryptographicNonce]]</span> were not restored it
+ would be the empty string at this point.</p>
  </li>
  </ol>
 
@@ -7178,9 +7202,10 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
  set during <span data-x="create-the-document-object"><code data-x="">Document</code>
  creation and initialization</span>.</p>
 
- <p>The <span data-x="concept-node-clone-ext">cloning steps</span> for elements that include
- <code>HTMLOrSVGElement</code> must set the <span>[[CryptographicNonce]]</span> slot on the copy
- to the value of the slot on the element being cloned.</p>
+ <p>The <span data-x="concept-node-clone-ext">cloning steps</span> for elements that
+ <span>include</span> <code>HTMLOrSVGElement</code> must set the
+ <span>[[CryptographicNonce]]</span> slot on the copy to the value of the slot on the element being
+ cloned.</p>
 
  <h4>Lazy loading attributes</h4>