defercrossoriginintegrityreferrerpolicy[Exposed=Window, @@ -57414,6 +57415,7 @@ interface HTMLScriptElement : HTMLElement { [CEReactions] attribute DOMString? crossOrigin; [CEReactions] attribute DOMString text; [CEReactions] attribute DOMString integrity; + [CEReactions] attribute DOMString referrerPolicy; };
src, async, nomodule,
defer, crossorigin, and integrity attributes must not be specified.
+ data-x="attr-script-crossorigin">crossorigin, integrity, and referrerpolicy attributes must not be specified.
The nomodule attribute is a boolean
attribute that prevents a script from being executed in user agents that support
@@ -57560,11 +57563,27 @@ interface HTMLScriptElement : HTMLElement {
module script or when the src attribute is not
specified.
The referrerpolicy attribute is a
+ referrer policy attribute. Its purpose is to set the referrer policy
+ used when fetching the script, as well as any scripts imported
+ from it.
An example of a <script>'s referrer policy being used when fetching imported scripts but + not other subresources.
+ +<script src="main.js" referrerpolicy="origin">
+ fetch('/api/data'); // not fetched with <script>'s referrer policy
+ import('./utils.js'); // is fetched with <script>'s referrer policy ("origin" in this case)
+</script>
+ Changing the src, type, nomodule, async, defer, crossorigin, and integrity attributes dynamically has no direct effect; these
+ data-x="attr-script-crossorigin">crossorigin, integrity, and referrerpolicy attributes dynamically has no direct effect; these
attributes are only used at specific times described below.
The referrerPolicy IDL attribute must
+ reflect the referrerpolicy content
+ attribute, limited to only known values.
The crossOrigin IDL attribute must
reflect the crossorigin content
attribute, limited to only known values.
Let referrer policy be the current state of the element's referrerpolicy content attribute.
Let parser metadata be "parser-inserted" if the
script element has been flagged as "parser-inserted", and
"not-parser-inserted" otherwise.
Let options be a script fetch options whose cryptographic nonce is cryptographic - nonce, integrity metadata is - integrity metadata, parser - metadata is parser metadata, credentials mode is module script - credentials mode, and referrer - policy is the empty string.
- -See w3c/webappsec-referrer-policy#96
- for future plans to add a referrerpolicy attribute to script
- elements.
-
Let options be a script fetch options whose cryptographic nonce is cryptographic + nonce, integrity metadata is + integrity metadata, parser + metadata is parser metadata, credentials mode is module script + credentials mode, and referrer + policy is referrer policy.
Let settings object be the element's node document's
Window object's environment settings object.
To perform the internal module script graph fetching procedure given a
- url, a fetch client settings object, a destination, a some
+ url, a fetch client settings object, a destination, some
options, a module map settings object, a visited set, a
referrer, and a top-level module fetch flag, perform these steps. The
algorithm will asynchronously complete with either null (on failure) or a module
@@ -116716,7 +116735,8 @@ interface External {
async;
defer;
crossorigin;
- integrity
+ integrity;
+ referrerpolicy
HTMLScriptElementarea;
iframe;
img;
- link
+ link;
+ script