More tweaks to <script nonce> hiding.

third_party/WebKit/Source/core/html/HTMLScriptElement.cpp

 /*
  * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
  *           (C) 1999 Antti Koivisto (koivisto@kde.org)
  *           (C) 2001 Dirk Mueller (mueller@kde.org)
  * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights
  * reserved.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Library General Public
  * License as published by the Free Software Foundation; either
@@ skipping 71 matching lines @@
   HTMLElement::DidMoveToNewDocument(old_document);
 }
 
 void HTMLScriptElement::ParseAttribute(
     const AttributeModificationParams& params) {
   if (params.name == srcAttr) {
     loader_->HandleSourceAttribute(params.new_value);
     LogUpdateAttributeIfIsolatedWorldAndInDocument("script", params);
   } else if (params.name == asyncAttr) {
     loader_->HandleAsyncAttribute();
-  } else if (params.name == nonceAttr) {
-    if (params.new_value == ContentSecurityPolicy::GetNonceReplacementString())
-      return;
-    setNonce(params.new_value);
-    if (RuntimeEnabledFeatures::hideNonceContentAttributeEnabled()) {
-      setAttribute(nonceAttr,
-                   ContentSecurityPolicy::GetNonceReplacementString());
-    }
   } else {
     HTMLElement::ParseAttribute(params);
   }
 }
 
 Node::InsertionNotificationRequest HTMLScriptElement::InsertedInto(
     ContainerNode* insertion_point) {
   if (insertion_point->isConnected() && HasSourceAttribute() &&
       !Loader()->IsScriptTypeSupported(
           ScriptLoader::kDisallowLegacyTypeInTypeAttribute))
     UseCounter::Count(GetDocument(),
                       UseCounter::kScriptElementWithInvalidTypeHasSrc);
   HTMLElement::InsertedInto(insertion_point);
   LogAddElementIfIsolatedWorldAndInDocument("script", srcAttr);
+
   return kInsertionShouldCallDidNotifySubtreeInsertions;
 }
 
 void HTMLScriptElement::DidNotifySubtreeInsertionsToDocument() {
   loader_->DidNotifySubtreeInsertionsToDocument();
 }
 
 void HTMLScriptElement::setText(const String& value) {
   setTextContent(value);
 }
@@ skipping 64 matching lines @@
 }
 
 bool HTMLScriptElement::IsConnected() const {
   return Node::isConnected();
 }
 
 bool HTMLScriptElement::HasChildren() const {
   return Node::hasChildren();
 }
 
-bool HTMLScriptElement::IsNonceableElement() const {
-  return ContentSecurityPolicy::IsNonceableElement(this);
+const AtomicString& HTMLScriptElement::GetNonceForElement() const {
+  return ContentSecurityPolicy::IsNonceableElement(this) ? nonce()
+                                                         : g_null_atom;
 }
 
 bool HTMLScriptElement::AllowInlineScriptForCSP(
     const AtomicString& nonce,
     const WTF::OrdinalNumber& context_line,
     const String& script_content) {
   return GetDocument().GetContentSecurityPolicy()->AllowInlineScript(
       this, GetDocument().Url(), nonce, context_line, script_content);
 }
 
@@ skipping 24 matching lines @@
   return new HTMLScriptElement(GetDocument(), false, loader_->AlreadyStarted(),
                                false);
 }
 
 DEFINE_TRACE(HTMLScriptElement) {
   HTMLElement::Trace(visitor);
   ScriptElementBase::Trace(visitor);
 }
 
 }  // namespace blink