Add credentialless as a recognized boolean attribute for iframes

[vmx906]

Summary

The credentialless attribute is a boolean HTML attribute for <iframe> elements that loads the iframe in a new, ephemeral context without access to the parent's credentials (cookies, client certificates, etc.). This change adds it to all boolean attribute switch/case lists in React DOM so it is properly handled as a boolean (set when true, removed when false) rather than being treated as an unknown string attribute.

Per the Anonymous iframe spec (WICG):

The credentialless attribute enables loading documents hosted by the iframe with a new and ephemeral storage partition. It is a boolean value. The default is false.

partial interface HTMLIFrameElement {
  attribute boolean credentialless; 
};

Changes:

• ReactDOMComponent.js: Added to both setProp and diffHydratedGenericElement
• ReactFizzConfigDOM.js: Added to pushAttribute for server-side rendering
• ReactDOMUnknownPropertyHook.js: Added to both validation switch/case lists

Test plan

• Added unit test in DOMPropertyOperations-test.js verifying credentialless={true} sets the attribute to '' and credentialless={false} removes it
• All tests pass in source and www channels (590 tests each)
• Flow type checking passes (dom-node renderer)
• Prettier and lint pass

[react-sizebot]

Comparing: 3cb2c42...8ffe9dd

Critical size changes

Includes critical production bundles, as well as any change greater than 2%:

Name	+/-	Base	Current	+/- gzip	Base gzip	Current gzip
oss-stable/react-dom/cjs/react-dom.production.js	=	6.84 kB	6.84 kB	=	1.88 kB	1.88 kB
oss-stable/react-dom/cjs/react-dom-client.production.js	=	612.88 kB	612.90 kB	=	108.30 kB	108.31 kB
oss-experimental/react-dom/cjs/react-dom.production.js	=	6.84 kB	6.84 kB	=	1.88 kB	1.88 kB
oss-experimental/react-dom/cjs/react-dom-client.production.js	=	678.81 kB	678.84 kB	=	119.26 kB	119.27 kB
facebook-www/ReactDOM-prod.classic.js	=	698.20 kB	698.23 kB	=	122.65 kB	122.66 kB
facebook-www/ReactDOM-prod.modern.js	=	688.52 kB	688.54 kB	=	121.03 kB	121.04 kB

Significant size changes

Includes any change greater than 0.2%:

(No significant changes)

Generated by 🚫 dangerJS against 8ffe9dd

[mahdirajaee]

Clean change. The credentialless attribute is indeed a boolean attribute specified in the HTML spec for iframes (currently behind the Anonymous iframe origin trial but shipping in Chromium-based browsers).

A few observations:

1. Alphabetical ordering is correct — credentialless slots in properly between controls and default across all four switch statements. Good consistency.

2. All relevant paths are covered — client-side (ReactDOMComponent.js), SSR (ReactFizzConfigDOM.js), and validation (ReactDOMUnknownPropertyHook.js). This ensures the attribute is recognized regardless of render environment.

3. Test coverage looks solid — both the boolean true/false toggle test and the string "true" warning test are present, which matches the existing pattern for other boolean attributes like allowFullScreen.

4. One thing worth noting — unlike allowFullScreen which is scoped to iframes in the spec but accepted on any element by React, credentialless is also iframe-specific. The current approach (accepting it on any element) is consistent with how React handles other boolean attributes, so this is fine for now, but a future improvement could be element-scoped validation.

LGTM. Straightforward addition following the established pattern.