More tweaks to <script nonce> hiding.

Move `<script nonce>` hiding to `Element`.

We're evaluating a different approach to hiding the `nonce` content
attribute, moving the behavior change up to `HTMLElement` and `SVGElement`
rather than placing it on `{HTML,SVG}{Script,Style}Element`. This
patch adds `nonce` to `ElementRareData` in order to support that
approach, and wires up a new `NoncedElement` interface to the new
properties.

Still behind a flag while we're working out details.

Intent to Implement and Ship: https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/wu_fMIYkyaQ/85j16Cg6BAAJ

BUG=680419
Review-Url: https://codereview.chromium.org/2801243002
Cr-Commit-Position: refs/heads/master@{#472215}
Committed: https://chromium.googlesource.com/chromium/src/+/23cd806334edf349b4371e63f231bc1361fe0a08

[Mike West, 2017-04-07 11:37:14]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-04-07 11:37:31]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-04-07 12:48:42]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-04-07 12:48:43]

Dry run: Try jobs failed on following builders:
  linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)

[Mike West, 2017-04-07 14:41:09]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-04-07 14:41:22]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-04-07 15:52:46]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-04-07 15:52:47]

Dry run: Try jobs failed on following builders:
  linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
  linux_chromium_tsan_rel_ng on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)

[Mike West, 2017-04-07 15:54:30]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-04-07 15:54:52]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-04-07 17:25:18]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-04-07 17:25:19]

Dry run: This issue passed the CQ dry run.

[Mike West, 2017-04-10 09:42:23]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-04-10 09:42:33]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-04-10 09:44:47]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-04-10 09:44:48]

Dry run: Try jobs failed on following builders:
  ios-device on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-device/builds...)
  ios-device-xcode-clang on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-device-xcode-...)
  mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)

[Mike West, 2017-04-11 08:12:04]

Description was changed from

==========
More tweaks to <script nonce> hiding.

This patch brings us into line with the updated spec text at [1], at
least insofar as it affects <script>. <style> and <link> are outstanding;
I'll add patches for them when there's cross-browser agreement upon
behavior.

[1]: https://github.com/whatwg/html/pull/2373

BUG=680419
==========

to

==========
More tweaks to <script nonce> hiding.

This patch brings us into line with the updated spec text at [1], at
least insofar as it affects <script>. <style> and <link> are outstanding;
I'll add patches for them when there's cross-browser agreement upon
behavior.

Intent to Implement and Ship:
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/wu_fMIYkyaQ/85...

[1]: https://github.com/whatwg/html/pull/2373

BUG=680419
==========

[Mike West, 2017-04-11 11:40:14]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-04-11 11:40:27]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Mike West, 2017-04-11 12:15:15]

mkwst@chromium.org changed reviewers:
+ jochen@chromium.org

[Mike West, 2017-04-11 12:15:16]

WDYT about this implementation strategy, Jochen?

[Mike West, 2017-04-11 12:17:08]

Description was changed from

==========
More tweaks to <script nonce> hiding.

This patch brings us into line with the updated spec text at [1], at
least insofar as it affects <script>. <style> and <link> are outstanding;
I'll add patches for them when there's cross-browser agreement upon
behavior.

Intent to Implement and Ship:
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/wu_fMIYkyaQ/85...

[1]: https://github.com/whatwg/html/pull/2373

BUG=680419
==========

to

==========
Move `<script nonce>` hiding to `Element`.

In https://github.com/whatwg/html/pull/2373 and
https://github.com/whatwg/dom/pull/436, we're evaluating a different
approach to hiding the `nonce` content attribute, moving the behavior
change up to `Element` rather than placing it on `HTML*Element`. This
patch adds `nonce` to `ElementRareData` in order to support that
approach.

Still behind a flag while we're working out details.

Intent to Implement and Ship:
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/wu_fMIYkyaQ/85...

BUG=680419
==========

[jochen (gone - plz use gerrit), 2017-04-11 12:17:47]

looks reasonable

[kouhei (in TOK), 2017-04-11 12:24:17]

kouhei@chromium.org changed reviewers:
+ japhet@chromium.org, kouhei@chromium.org

[kouhei (in TOK), 2017-04-11 12:24:18]

+japhet for ScriptElementBase

https://codereview.chromium.org/2801243002/diff/60001/third_party/WebKit/Sour...
File third_party/WebKit/Source/core/dom/ScriptLoader.cpp (right):

https://codereview.chromium.org/2801243002/diff/60001/third_party/WebKit/Sour...
third_party/WebKit/Source/core/dom/ScriptLoader.cpp:522: //      Otherwise, let
cryptographic nonce be the empty string."
Would you update the spec text here to match:
https://github.com/whatwg/html/pull/2373/files#diff-36cd38f49b9afa08222c0dc9e...

[commit-bot: I haz the power, 2017-04-11 13:23:35]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-04-11 13:23:36]

Dry run: Try jobs failed on following builders:
  win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)

[Mike West, 2017-04-11 13:32:18]

On 2017/04/11 at 12:24:18, kouhei wrote:
> +japhet for ScriptElementBase
> 
>
https://codereview.chromium.org/2801243002/diff/60001/third_party/WebKit/Sour...
> File third_party/WebKit/Source/core/dom/ScriptLoader.cpp (right):
> 
>
https://codereview.chromium.org/2801243002/diff/60001/third_party/WebKit/Sour...
> third_party/WebKit/Source/core/dom/ScriptLoader.cpp:522: //      Otherwise,
let cryptographic nonce be the empty string."
> Would you update the spec text here to match:
>
https://github.com/whatwg/html/pull/2373/files#diff-36cd38f49b9afa08222c0dc9e...

Yeah, absolutely. Once we have text that we agree upon, I'll make sure it's
updated.

[Mike West, 2017-04-12 05:01:56]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-04-12 05:02:14]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-04-12 06:57:06]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-04-12 06:57:07]

Dry run: Try jobs failed on following builders:
  win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)

[Mike West, 2017-05-16 11:23:11]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-05-16 11:23:33]

Dry run: CQ is trying da patch.

Follow status at:
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-05-16 11:51:46]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-05-16 11:51:47]

Dry run: Try jobs failed on following builders:
  ios-simulator on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-simulator/bui...)

[Mike West, 2017-05-16 14:02:29]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-05-16 14:03:11]

Dry run: CQ is trying da patch.

Follow status at:
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Mike West, 2017-05-16 14:04:10]

Jochen, mind taking a real look at this now? I think we're close enough on the
details to get something in for testing.

[jochen (gone - plz use gerrit), 2017-05-16 14:17:06]

lgtm

[commit-bot: I haz the power, 2017-05-16 15:16:35]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-05-16 15:16:36]

Dry run: Try jobs failed on following builders:
  mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)

[kouhei (in TOK), 2017-05-16 16:45:53]

lgtm

[Mike West, 2017-05-16 18:12:47]

Description was changed from

==========
Move `<script nonce>` hiding to `Element`.

In https://github.com/whatwg/html/pull/2373 and
https://github.com/whatwg/dom/pull/436, we're evaluating a different
approach to hiding the `nonce` content attribute, moving the behavior
change up to `Element` rather than placing it on `HTML*Element`. This
patch adds `nonce` to `ElementRareData` in order to support that
approach.

Still behind a flag while we're working out details.

Intent to Implement and Ship:
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/wu_fMIYkyaQ/85...

BUG=680419
==========

to

==========
Move `<script nonce>` hiding to `Element`.

We're evaluating a different approach to hiding the `nonce` content
attribute, moving the behavior change up to `HTMLElement` and `SVGElement`
rather than placing it on `{HTML,SVG}{Script,Style}Element`. This
patch adds `nonce` to `ElementRareData` in order to support that
approach, and wires up a new `NoncedElement` interface to the new
properties.

Still behind a flag while we're working out details.

Intent to Implement and Ship:
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/wu_fMIYkyaQ/85...

BUG=680419
==========

[Mike West, 2017-05-16 18:13:45]

The CQ bit was checked by mkwst@chromium.org

[Mike West, 2017-05-16 18:13:46]

The patchset sent to the CQ was uploaded after l-g-t-m from jochen@chromium.org,
kouhei@chromium.org
Link to the patchset: https://codereview.chromium.org/2801243002/#ps140001
(title: "Moved tests.")

[commit-bot: I haz the power, 2017-05-16 18:15:12]

CQ is trying da patch.

Follow status at:
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-05-16 21:00:22]

CQ is committing da patch.

Bot data: {"patchset_id": 140001, "attempt_start_ts": 1494958425165230,
"parent_rev": "febe5cb69cb8c121f2f95f3ec5fb81474958e992", "commit_rev":
"23cd806334edf349b4371e63f231bc1361fe0a08"}

[commit-bot: I haz the power, 2017-05-16 21:00:33]

Description was changed from

==========
Move `<script nonce>` hiding to `Element`.

We're evaluating a different approach to hiding the `nonce` content
attribute, moving the behavior change up to `HTMLElement` and `SVGElement`
rather than placing it on `{HTML,SVG}{Script,Style}Element`. This
patch adds `nonce` to `ElementRareData` in order to support that
approach, and wires up a new `NoncedElement` interface to the new
properties.

Still behind a flag while we're working out details.

Intent to Implement and Ship:
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/wu_fMIYkyaQ/85...

BUG=680419
==========

to

==========
Move `<script nonce>` hiding to `Element`.

We're evaluating a different approach to hiding the `nonce` content
attribute, moving the behavior change up to `HTMLElement` and `SVGElement`
rather than placing it on `{HTML,SVG}{Script,Style}Element`. This
patch adds `nonce` to `ElementRareData` in order to support that
approach, and wires up a new `NoncedElement` interface to the new
properties.

Still behind a flag while we're working out details.

Intent to Implement and Ship:
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/wu_fMIYkyaQ/85...

BUG=680419

Review-Url: https://codereview.chromium.org/2801243002
Cr-Commit-Position: refs/heads/master@{#472215}
Committed:
https://chromium.googlesource.com/chromium/src/+/23cd806334edf349b4371e63f231...
==========

[commit-bot: I haz the power, 2017-05-16 21:00:34]

Committed patchset #8 (id:140001) as
https://chromium.googlesource.com/chromium/src/+/23cd806334edf349b4371e63f231...