More tweaks to <script nonce> hiding.

third_party/WebKit/Source/core/html/HTMLScriptElement.cpp

Index: third_party/WebKit/Source/core/html/HTMLScriptElement.cpp
diff --git a/third_party/WebKit/Source/core/html/HTMLScriptElement.cpp b/third_party/WebKit/Source/core/html/HTMLScriptElement.cpp
index 3d794624e070c14d064e8f4bcc813319de6bca35..257922a2df00500ff01c8bba1a01164b02cbdb8d 100644
--- a/third_party/WebKit/Source/core/html/HTMLScriptElement.cpp
+++ b/third_party/WebKit/Source/core/html/HTMLScriptElement.cpp
@@ -89,14 +89,6 @@ void HTMLScriptElement::ParseAttribute(
     LogUpdateAttributeIfIsolatedWorldAndInDocument("script", params);
   } else if (params.name == asyncAttr) {
     loader_->HandleAsyncAttribute();
-  } else if (params.name == nonceAttr) {
-    if (params.new_value == ContentSecurityPolicy::GetNonceReplacementString())
-      return;
-    setNonce(params.new_value);
-    if (RuntimeEnabledFeatures::hideNonceContentAttributeEnabled()) {
-      setAttribute(nonceAttr,
-                   ContentSecurityPolicy::GetNonceReplacementString());
-    }
   } else {
     HTMLElement::ParseAttribute(params);
   }
@@ -112,6 +104,7 @@ Node::InsertionNotificationRequest HTMLScriptElement::InsertedInto(
                       UseCounter::kScriptElementWithInvalidTypeHasSrc);
   HTMLElement::InsertedInto(insertion_point);
   LogAddElementIfIsolatedWorldAndInDocument("script", srcAttr);
+
   return kInsertionShouldCallDidNotifySubtreeInsertions;
 }
 
@@ -200,8 +193,9 @@ bool HTMLScriptElement::HasChildren() const {
   return Node::hasChildren();
 }
 
-bool HTMLScriptElement::IsNonceableElement() const {
-  return ContentSecurityPolicy::IsNonceableElement(this);
+const AtomicString& HTMLScriptElement::GetNonceForElement() const {
+  return ContentSecurityPolicy::IsNonceableElement(this) ? nonce()
+                                                         : g_null_atom;
 }
 
 bool HTMLScriptElement::AllowInlineScriptForCSP(