Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
index 94b4a054dde9c8527e4c2f3cafc3af6e67a523d6..9a34b96429802d02aec81b9564431ab81df29905 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
@@ -44,6 +44,7 @@ |
#include "core/frame/csp/CSPSource.h" |
#include "core/frame/csp/MediaListDirective.h" |
#include "core/frame/csp/SourceListDirective.h" |
+#include "core/html/HTMLScriptElement.h" |
#include "core/inspector/ConsoleMessage.h" |
#include "core/inspector/InspectorInstrumentation.h" |
#include "core/loader/DocumentLoader.h" |
@@ -75,8 +76,13 @@ |
namespace blink { |
bool ContentSecurityPolicy::isNonceableElement(const Element* element) { |
- if (!element->fastHasAttribute(HTMLNames::nonceAttr)) |
+ if (RuntimeEnabledFeatures::hideNonceContentAttributeEnabled() && |
+ isHTMLScriptElement(element)) { |
+ if (toHTMLScriptElement(element)->nonce().isNull()) |
+ return false; |
+ } else if (!element->fastHasAttribute(HTMLNames::nonceAttr)) { |
return false; |
+ } |
bool nonceable = true; |
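Review bot: The flag-enabled branch in `isNonceableElement` special-cases only `HTMLScriptElement`, so every other nonce-bearing element still depends on `fastHasAttribute(HTMLNames::nonceAttr)`. The hunk does not show where the content attribute is hidden; if that ever applies to other element types, they would be reported as non-nonceable and their nonce would stop matching the policy, so the script-only scope is worth confirming against the hiding code. The two sources of truth also deserve a comment above the new branch, e.g. `// With nonce hiding enabled, a <script>'s nonce is read from the element rather than the content attribute.` In addition, `nonce().isNull()` rejects only a missing nonce, so an empty-string nonce passes this gate as it did under the attribute-presence check; this looks intentional but a test should pin it. The function body continues past the end of the hunk.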