From cec02c33dd3bc3b6c265e00302d5b988a2e9066b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dyego=20Aur=C3=A9lio?= <dyegoaurelio@gmail.com>
Date: Sat, 29 Nov 2025 16:10:40 -0300
Subject: [PATCH] Add duplicate attribute tracking for CSP nonce validation.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Implements detection and propagation of duplicate attributes through
the tokenizer, tree builder, and TreeSink interface to support CSP
(Content Security Policy) nonce validation.

This enables html5ever consumers (e.g., Servo) to properly implement
step 3 of the CSP "is element nonceable" algorithm by checking the
`ElementFlags.had_duplicate_attrs` field during nonce validation.

Reference:
 - https://www.w3.org/TR/CSP/#is-element-nonceable
 - https://github.com/servo/servo/commit/4821bc0ab01e1ed0bb27e86c2df545019bd3856a
Signed-off-by: Dyego Aurélio <dyegoaurelio@gmail.com>
---
 html5ever/src/tokenizer/interface.rs          |   4 +
 html5ever/src/tokenizer/mod.rs                |   8 +
 html5ever/src/tree_builder/mod.rs             |  77 +++++-
 html5ever/src/tree_builder/rules.rs           |   7 +-
 markup5ever/interface/tree_builder.rs         |  24 ++
 .../duplicate-attrs.test                      |  66 +++++
 rcdom/tests/duplicate-attrs-integration.rs    | 241 ++++++++++++++++++
 rcdom/tests/html-tokenizer.rs                 |   3 +
 8 files changed, 415 insertions(+), 15 deletions(-)
 create mode 100644 rcdom/custom-html5lib-tokenizer-tests/duplicate-attrs.test
 create mode 100644 rcdom/tests/duplicate-attrs-integration.rs

diff --git a/html5ever/src/tokenizer/interface.rs b/html5ever/src/tokenizer/interface.rs
index edc6afb9..15d774ab 100644
--- a/html5ever/src/tokenizer/interface.rs
+++ b/html5ever/src/tokenizer/interface.rs
@@ -40,6 +40,10 @@ pub struct Tag {
     pub name: LocalName,
     pub self_closing: bool,
     pub attrs: Vec<Attribute>,
+    /// Whether duplicate attributes were encountered during tokenization.
+    /// This is used for CSP nonce validation - elements with duplicate
+    /// attributes are not nonceable per the CSP spec.
+    pub had_duplicate_attrs: bool,
 }
 
 impl Tag {
diff --git a/html5ever/src/tokenizer/mod.rs b/html5ever/src/tokenizer/mod.rs
index eccc5690..37762f59 100644
--- a/html5ever/src/tokenizer/mod.rs
+++ b/html5ever/src/tokenizer/mod.rs
@@ -133,6 +133,9 @@ pub struct Tokenizer<Sink> {
     /// Current tag is self-closing?
     current_tag_self_closing: Cell<bool>,
 
+    /// Current tag had duplicate attributes?
+    current_tag_had_duplicate_attrs: Cell<bool>,
+
     /// Current tag attributes.
     current_tag_attrs: RefCell<Vec<Attribute>>,
 
@@ -186,6 +189,7 @@ impl<Sink: TokenSink> Tokenizer<Sink> {
             current_tag_kind: Cell::new(StartTag),
             current_tag_name: RefCell::new(StrTendril::new()),
             current_tag_self_closing: Cell::new(false),
+            current_tag_had_duplicate_attrs: Cell::new(false),
             current_tag_attrs: RefCell::new(vec![]),
             current_attr_name: RefCell::new(StrTendril::new()),
             current_attr_value: RefCell::new(StrTendril::new()),
@@ -440,6 +444,7 @@ impl<Sink: TokenSink> Tokenizer<Sink> {
             name,
             self_closing: self.current_tag_self_closing.get(),
             attrs: std::mem::take(&mut self.current_tag_attrs.borrow_mut()),
+            had_duplicate_attrs: self.current_tag_had_duplicate_attrs.get(),
         });
 
         match self.process_token(token) {
@@ -481,6 +486,7 @@ impl<Sink: TokenSink> Tokenizer<Sink> {
     fn discard_tag(&self) {
         self.current_tag_name.borrow_mut().clear();
         self.current_tag_self_closing.set(false);
+        self.current_tag_had_duplicate_attrs.set(false);
         *self.current_tag_attrs.borrow_mut() = vec![];
     }
 
@@ -523,6 +529,7 @@ impl<Sink: TokenSink> Tokenizer<Sink> {
 
         if dup {
             self.emit_error(Borrowed("Duplicate attribute"));
+            self.current_tag_had_duplicate_attrs.set(true);
             self.current_attr_name.borrow_mut().clear();
             self.current_attr_value.borrow_mut().clear();
         } else {
@@ -2217,6 +2224,7 @@ mod test {
             name,
             self_closing: false,
             attrs: vec![],
+            had_duplicate_attrs: false,
         })
     }
 
diff --git a/html5ever/src/tree_builder/mod.rs b/html5ever/src/tree_builder/mod.rs
index f0d89b92..1bd1a607 100644
--- a/html5ever/src/tree_builder/mod.rs
+++ b/html5ever/src/tree_builder/mod.rs
@@ -12,6 +12,7 @@
 pub use crate::interface::{create_element, ElemName, ElementFlags, Tracer, TreeSink};
 pub use crate::interface::{AppendNode, AppendText, Attribute, NodeOrText};
 pub use crate::interface::{LimitedQuirks, NoQuirks, Quirks, QuirksMode};
+pub use markup5ever::interface::tree_builder::create_element_with_flags;
 
 use self::types::*;
 
@@ -733,6 +734,7 @@ where
                     name: subject,
                     self_closing: false,
                     attrs: vec![],
+                    had_duplicate_attrs: false,
                 });
             };
 
@@ -828,10 +830,11 @@ where
                 };
                 // FIXME: Is there a way to avoid cloning the attributes twice here (once on their
                 // own, once as part of t.clone() above)?
-                let new_element = create_element(
+                let new_element = create_element_with_flags(
                     &self.sink,
                     QualName::new(None, ns!(html), tag.name.clone()),
                     tag.attrs.clone(),
+                    tag.had_duplicate_attrs,
                 );
                 self.open_elems.borrow_mut()[node_index] = new_element.clone();
                 self.active_formatting.borrow_mut()[node_formatting_index] =
@@ -860,10 +863,11 @@ where
             // 15.
             // FIXME: Is there a way to avoid cloning the attributes twice here (once on their own,
             // once as part of t.clone() above)?
-            let new_element = create_element(
+            let new_element = create_element_with_flags(
                 &self.sink,
                 QualName::new(None, ns!(html), fmt_elem_tag.name.clone()),
                 fmt_elem_tag.attrs.clone(),
+                fmt_elem_tag.had_duplicate_attrs,
             );
             let new_entry = FormatEntry::Element(new_element.clone(), fmt_elem_tag);
 
@@ -1010,6 +1014,7 @@ where
                 ns!(html),
                 tag.name.clone(),
                 tag.attrs.clone(),
+                tag.had_duplicate_attrs,
             );
 
             // Step 9. Replace the entry for entry in the list with an entry for new element.
@@ -1363,6 +1368,7 @@ where
         ns: Namespace,
         name: LocalName,
         attrs: Vec<Attribute>,
+        had_duplicate_attrs: bool,
     ) -> Handle {
         declare_tag_set!(form_associatable =
             "button" "fieldset" "input" "object"
@@ -1372,7 +1378,12 @@ where
 
         // Step 7.
         let qname = QualName::new(None, ns, name);
-        let elem = create_element(&self.sink, qname.clone(), attrs.clone());
+        let elem = create_element_with_flags(
+            &self.sink,
+            qname.clone(),
+            attrs.clone(),
+            had_duplicate_attrs,
+        );
 
         let insertion_point = self.appropriate_place_for_insertion(None);
         let (node1, node2) = match insertion_point {
@@ -1410,15 +1421,27 @@ where
     }
 
     fn insert_element_for(&self, tag: Tag) -> Handle {
-        self.insert_element(PushFlag::Push, ns!(html), tag.name, tag.attrs)
+        self.insert_element(
+            PushFlag::Push,
+            ns!(html),
+            tag.name,
+            tag.attrs,
+            tag.had_duplicate_attrs,
+        )
     }
 
     fn insert_and_pop_element_for(&self, tag: Tag) -> Handle {
-        self.insert_element(PushFlag::NoPush, ns!(html), tag.name, tag.attrs)
+        self.insert_element(
+            PushFlag::NoPush,
+            ns!(html),
+            tag.name,
+            tag.attrs,
+            tag.had_duplicate_attrs,
+        )
     }
 
     fn insert_phantom(&self, name: LocalName) -> Handle {
-        self.insert_element(PushFlag::Push, ns!(html), name, vec![])
+        self.insert_element(PushFlag::Push, ns!(html), name, vec![], false)
     }
 
     /// <https://html.spec.whatwg.org/multipage/parsing.html#insert-an-element-at-the-adjusted-insertion-location>
@@ -1429,8 +1452,13 @@ where
         only_add_to_element_stack: bool,
     ) -> Handle {
         let adjusted_insertion_location = self.appropriate_place_for_insertion(None);
-        let qname = QualName::new(None, ns, tag.name);
-        let elem = create_element(&self.sink, qname.clone(), tag.attrs.clone());
+        let qname = QualName::new(None, ns, tag.name.clone());
+        let elem = create_element_with_flags(
+            &self.sink,
+            qname.clone(),
+            tag.attrs.clone(),
+            tag.had_duplicate_attrs,
+        );
 
         if !only_add_to_element_stack {
             self.insert_at(adjusted_insertion_location, AppendNode(elem.clone()));
@@ -1520,6 +1548,7 @@ where
             ns!(html),
             tag.name.clone(),
             tag.attrs.clone(),
+            tag.had_duplicate_attrs,
         );
         self.active_formatting
             .borrow_mut()
@@ -1655,10 +1684,22 @@ where
         self.adjust_foreign_attributes(&mut tag);
 
         if tag.self_closing {
-            self.insert_element(PushFlag::NoPush, ns, tag.name, tag.attrs);
+            self.insert_element(
+                PushFlag::NoPush,
+                ns,
+                tag.name,
+                tag.attrs,
+                tag.had_duplicate_attrs,
+            );
             ProcessResult::DoneAckSelfClosing
         } else {
-            self.insert_element(PushFlag::Push, ns, tag.name, tag.attrs);
+            self.insert_element(
+                PushFlag::Push,
+                ns,
+                tag.name,
+                tag.attrs,
+                tag.had_duplicate_attrs,
+            );
             ProcessResult::Done
         }
     }
@@ -1823,10 +1864,22 @@ where
         self.adjust_foreign_attributes(&mut tag);
         if tag.self_closing {
             // FIXME(#118): <script /> in SVG
-            self.insert_element(PushFlag::NoPush, current_ns, tag.name, tag.attrs);
+            self.insert_element(
+                PushFlag::NoPush,
+                current_ns,
+                tag.name,
+                tag.attrs,
+                tag.had_duplicate_attrs,
+            );
             ProcessResult::DoneAckSelfClosing
         } else {
-            self.insert_element(PushFlag::Push, current_ns, tag.name, tag.attrs);
+            self.insert_element(
+                PushFlag::Push,
+                current_ns,
+                tag.name,
+                tag.attrs,
+                tag.had_duplicate_attrs,
+            );
             ProcessResult::Done
         }
     }
diff --git a/html5ever/src/tree_builder/rules.rs b/html5ever/src/tree_builder/rules.rs
index e0ddff45..4314e865 100644
--- a/html5ever/src/tree_builder/rules.rs
+++ b/html5ever/src/tree_builder/rules.rs
@@ -15,10 +15,10 @@ use crate::tokenizer::TagKind::{EndTag, StartTag};
 use crate::tree_builder::tag_sets::*;
 use crate::tree_builder::types::*;
 use crate::tree_builder::{
-    create_element, html_elem, ElemName, NodeOrText::AppendNode, StrTendril, Tag, TreeBuilder,
-    TreeSink,
+    html_elem, ElemName, NodeOrText::AppendNode, StrTendril, Tag, TreeBuilder, TreeSink,
 };
 use crate::QualName;
+use markup5ever::interface::tree_builder::create_element_with_flags;
 use markup5ever::{expanded_name, local_name, ns};
 use std::borrow::Cow::Borrowed;
 
@@ -207,10 +207,11 @@ where
                     },
 
                     Token::Tag(tag @ tag!(<script>)) => {
-                        let elem = create_element(
+                        let elem = create_element_with_flags(
                             &self.sink,
                             QualName::new(None, ns!(html), local_name!("script")),
                             tag.attrs,
+                            tag.had_duplicate_attrs,
                         );
                         if self.is_fragment() {
                             self.sink.mark_script_already_started(&elem);
diff --git a/markup5ever/interface/tree_builder.rs b/markup5ever/interface/tree_builder.rs
index 378a57ce..8e53e6f4 100644
--- a/markup5ever/interface/tree_builder.rs
+++ b/markup5ever/interface/tree_builder.rs
@@ -62,6 +62,13 @@ pub struct ElementFlags {
     ///
     /// [whatwg integration-point]: https://html.spec.whatwg.org/multipage/#html-integration-point
     pub mathml_annotation_xml_integration_point: bool,
+
+    /// Whether duplicate attributes were encountered during tokenization.
+    /// This is used for CSP nonce validation - elements with duplicate
+    /// attributes are not nonceable per the CSP spec.
+    ///
+    /// See [CSP Level 3 - Is element nonceable](https://www.w3.org/TR/CSP/#is-element-nonceable)
+    pub had_duplicate_attrs: bool,
 }
 
 /// A constructor for an element.
@@ -70,6 +77,22 @@ pub struct ElementFlags {
 ///
 /// Create an element like `<div class="test-class-name"></div>`:
 pub fn create_element<Sink>(sink: &Sink, name: QualName, attrs: Vec<Attribute>) -> Sink::Handle
+where
+    Sink: TreeSink,
+{
+    create_element_with_flags(sink, name, attrs, false)
+}
+
+/// A constructor for an element with duplicate attribute information.
+///
+/// This variant allows passing whether duplicate attributes were encountered
+/// during tokenization, which is needed for CSP nonce validation.
+pub fn create_element_with_flags<Sink>(
+    sink: &Sink,
+    name: QualName,
+    attrs: Vec<Attribute>,
+    had_duplicate_attrs: bool,
+) -> Sink::Handle
 where
     Sink: TreeSink,
 {
@@ -85,6 +108,7 @@ where
         },
         _ => {},
     }
+    flags.had_duplicate_attrs = had_duplicate_attrs;
     sink.create_element(name, attrs, flags)
 }
 
diff --git a/rcdom/custom-html5lib-tokenizer-tests/duplicate-attrs.test b/rcdom/custom-html5lib-tokenizer-tests/duplicate-attrs.test
new file mode 100644
index 00000000..f01c0174
--- /dev/null
+++ b/rcdom/custom-html5lib-tokenizer-tests/duplicate-attrs.test
@@ -0,0 +1,66 @@
+{"tests": [
+
+{"description": "Duplicate attribute - simple case",
+"input": "<div id='first' id='second'>",
+"output": [
+    ["StartTag", "div", {"id": "first"}]
+],
+"errors": [
+    {"code": "duplicate-attribute"}
+]},
+
+{"description": "Duplicate attribute - three duplicates",
+"input": "<div id='first' id='second' id='third'>",
+"output": [
+    ["StartTag", "div", {"id": "first"}]
+],
+"errors": [
+    {"code": "duplicate-attribute"},
+    {"code": "duplicate-attribute"}
+]},
+
+{"description": "Duplicate attribute - mixed with other attrs",
+"input": "<div class='foo' id='first' title='bar' id='second'>",
+"output": [
+    ["StartTag", "div", {"class": "foo", "id": "first", "title": "bar"}]
+],
+"errors": [
+    {"code": "duplicate-attribute"}
+]},
+
+{"description": "Duplicate nonce attribute",
+"input": "<script nonce='abc123' nonce='xyz789'>",
+"output": [
+    ["StartTag", "script", {"nonce": "abc123"}]
+],
+"errors": [
+    {"code": "duplicate-attribute"}
+]},
+
+{"description": "No duplicate - different attributes",
+"input": "<div id='test' class='foo'>",
+"output": [
+    ["StartTag", "div", {"id": "test", "class": "foo"}]
+],
+"errors": []},
+
+{"description": "Duplicate attribute - case insensitive (ID vs id)",
+"input": "<div ID='first' id='second'>",
+"output": [
+    ["StartTag", "div", {"id": "first"}]
+],
+"errors": [
+    {"code": "duplicate-attribute"}
+]},
+
+{"description": "Multiple different duplicates",
+"input": "<div id='a' id='b' class='x' class='y'>",
+"output": [
+    ["StartTag", "div", {"id": "a", "class": "x"}]
+],
+"errors": [
+    {"code": "duplicate-attribute"},
+    {"code": "duplicate-attribute"}
+]}
+
+]}
diff --git a/rcdom/tests/duplicate-attrs-integration.rs b/rcdom/tests/duplicate-attrs-integration.rs
new file mode 100644
index 00000000..6be79f76
--- /dev/null
+++ b/rcdom/tests/duplicate-attrs-integration.rs
@@ -0,0 +1,241 @@
+// Copyright 2014-2017 The html5ever Project Developers. See the
+// COPYRIGHT file at the top-level directory of this distribution.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+use html5ever::driver;
+use html5ever::tendril::stream::TendrilSink;
+use html5ever::tendril::StrTendril;
+use html5ever::ExpandedName;
+use html5ever::QualName;
+use markup5ever::interface::{ElementFlags, NodeOrText, QuirksMode, TreeSink};
+use markup5ever::{local_name, ns, Attribute};
+use markup5ever_rcdom::{Handle, RcDom};
+use std::borrow::Cow;
+use std::cell::RefCell;
+
+/// A TreeSink that captures had_duplicate_attrs flags for created elements
+pub struct FlagCapturingDOM {
+    pub had_duplicate_attrs_flags: RefCell<Vec<bool>>,
+    pub rcdom: RcDom,
+}
+impl Default for FlagCapturingDOM {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+impl FlagCapturingDOM {
+    pub fn new() -> Self {
+        FlagCapturingDOM {
+            had_duplicate_attrs_flags: RefCell::new(Vec::new()),
+            rcdom: RcDom::default(),
+        }
+    }
+}
+
+impl TreeSink for FlagCapturingDOM {
+    type Output = Self;
+    type ElemName<'a> = ExpandedName<'a>;
+
+    fn finish(self) -> Self {
+        self
+    }
+
+    type Handle = Handle;
+
+    fn parse_error(&self, msg: Cow<'static, str>) {
+        self.rcdom.parse_error(msg);
+    }
+
+    fn get_document(&self) -> Handle {
+        self.rcdom.get_document()
+    }
+
+    fn get_template_contents(&self, target: &Handle) -> Handle {
+        self.rcdom.get_template_contents(target)
+    }
+
+    fn set_quirks_mode(&self, mode: QuirksMode) {
+        self.rcdom.set_quirks_mode(mode)
+    }
+
+    fn same_node(&self, x: &Handle, y: &Handle) -> bool {
+        self.rcdom.same_node(x, y)
+    }
+
+    fn elem_name<'a>(&'a self, target: &'a Handle) -> ExpandedName<'a> {
+        self.rcdom.elem_name(target)
+    }
+
+    fn create_element(&self, name: QualName, attrs: Vec<Attribute>, flags: ElementFlags) -> Handle {
+        // Capture the had_duplicate_attrs flag value for inspection
+        self.had_duplicate_attrs_flags
+            .borrow_mut()
+            .push(flags.had_duplicate_attrs);
+        self.rcdom.create_element(name, attrs, flags)
+    }
+
+    fn create_comment(&self, text: StrTendril) -> Handle {
+        self.rcdom.create_comment(text)
+    }
+
+    fn create_pi(&self, target: StrTendril, data: StrTendril) -> Handle {
+        self.rcdom.create_pi(target, data)
+    }
+
+    fn append(&self, parent: &Handle, child: NodeOrText<Handle>) {
+        self.rcdom.append(parent, child)
+    }
+
+    fn append_based_on_parent_node(
+        &self,
+        element: &Handle,
+        prev_element: &Handle,
+        child: NodeOrText<Handle>,
+    ) {
+        self.rcdom
+            .append_based_on_parent_node(element, prev_element, child)
+    }
+
+    fn append_doctype_to_document(
+        &self,
+        name: StrTendril,
+        public_id: StrTendril,
+        system_id: StrTendril,
+    ) {
+        self.rcdom
+            .append_doctype_to_document(name, public_id, system_id)
+    }
+
+    fn add_attrs_if_missing(&self, target: &Handle, attrs: Vec<Attribute>) {
+        self.rcdom.add_attrs_if_missing(target, attrs)
+    }
+
+    fn remove_from_parent(&self, target: &Handle) {
+        self.rcdom.remove_from_parent(target)
+    }
+
+    fn reparent_children(&self, node: &Handle, new_parent: &Handle) {
+        self.rcdom.reparent_children(node, new_parent)
+    }
+
+    fn mark_script_already_started(&self, node: &Handle) {
+        self.rcdom.mark_script_already_started(node)
+    }
+
+    fn set_current_line(&self, line_number: u64) {
+        self.rcdom.set_current_line(line_number)
+    }
+
+    fn pop(&self, node: &Handle) {
+        self.rcdom.pop(node)
+    }
+
+    fn append_before_sibling(&self, sibling: &Handle, new_node: NodeOrText<Handle>) {
+        self.rcdom.append_before_sibling(sibling, new_node)
+    }
+}
+
+#[test]
+fn test_duplicate_attrs_flag_set() {
+    let sink = FlagCapturingDOM::new();
+    let input = r#"<div id="first" id="second"></div>"#;
+
+    let sink = driver::parse_fragment(
+        sink,
+        driver::ParseOpts::default(),
+        QualName::new(None, ns!(html), local_name!("body")),
+        vec![],
+        false, // context_element_allows_scripting
+    )
+    .one(input)
+    .finish();
+
+    // We expect at least one element to have been created (the div)
+    // Find if any element has had_duplicate_attrs=true
+    let flags = sink.had_duplicate_attrs_flags.borrow();
+    let has_duplicate = flags.iter().any(|&f| f);
+
+    assert!(
+        has_duplicate,
+        "Expected to find an element with had_duplicate_attrs=true"
+    );
+}
+
+#[test]
+fn test_no_duplicate_attrs_flag_not_set() {
+    let sink = FlagCapturingDOM::new();
+    let input = r#"<div id="first" class="test"></div>"#;
+
+    let sink = driver::parse_fragment(
+        sink,
+        driver::ParseOpts::default(),
+        QualName::new(None, ns!(html), local_name!("body")),
+        vec![],
+        false,
+    )
+    .one(input)
+    .finish();
+
+    // All flags should have had_duplicate_attrs=false
+    let flags = sink.had_duplicate_attrs_flags.borrow();
+    for flag in flags.iter() {
+        assert!(
+            !flag,
+            "Expected had_duplicate_attrs to be false for elements without duplicates"
+        );
+    }
+}
+
+#[test]
+fn test_multiple_duplicates_sets_flag() {
+    let sink = FlagCapturingDOM::new();
+    let input = r#"<div id="a" id="b" class="x" class="y"></div>"#;
+
+    let sink = driver::parse_fragment(
+        sink,
+        driver::ParseOpts::default(),
+        QualName::new(None, ns!(html), local_name!("body")),
+        vec![],
+        false,
+    )
+    .one(input)
+    .finish();
+
+    let flags = sink.had_duplicate_attrs_flags.borrow();
+    let has_duplicate = flags.iter().any(|&f| f);
+
+    assert!(
+        has_duplicate,
+        "Expected to find an element with had_duplicate_attrs=true for multiple duplicates"
+    );
+}
+
+#[test]
+fn test_script_with_duplicate_nonce() {
+    let sink = FlagCapturingDOM::new();
+    let input = r#"<script nonce="abc" nonce="xyz"></script>"#;
+
+    let sink = driver::parse_fragment(
+        sink,
+        driver::ParseOpts::default(),
+        QualName::new(None, ns!(html), local_name!("body")),
+        vec![],
+        false,
+    )
+    .one(input)
+    .finish();
+
+    let flags = sink.had_duplicate_attrs_flags.borrow();
+    let has_duplicate = flags.iter().any(|&f| f);
+
+    assert!(
+        has_duplicate,
+        "Expected script with duplicate nonce to have had_duplicate_attrs=true"
+    );
+}
diff --git a/rcdom/tests/html-tokenizer.rs b/rcdom/tests/html-tokenizer.rs
index 9ff7dc69..d618ff0b 100644
--- a/rcdom/tests/html-tokenizer.rs
+++ b/rcdom/tests/html-tokenizer.rs
@@ -135,6 +135,7 @@ impl TokenSink for TokenLogger {
                     },
                     _ => t.attrs.sort_by(|a1, a2| a1.name.cmp(&a2.name)),
                 }
+                t.had_duplicate_attrs = false;
                 self.push(TagToken(t));
             },
 
@@ -250,6 +251,7 @@ fn json_to_token(js: &Value) -> Token {
                 Some(b) => b.get_bool(),
                 None => false,
             },
+            had_duplicate_attrs: false,
         }),
 
         "EndTag" => TagToken(Tag {
@@ -257,6 +259,7 @@ fn json_to_token(js: &Value) -> Token {
             name: LocalName::from(&*args[0].get_str()),
             attrs: vec![],
             self_closing: false,
+            had_duplicate_attrs: false,
         }),
 
         "Comment" => CommentToken(args[0].get_tendril()),