/**
 * @license
 * SPDX-License-Identifier: Apache-2.0
 */
import { unwrapResourceUrl } from '../../internals/resource_url_impl';
import { unwrapScript } from '../../internals/script_impl';
/** Returns CSP nonce, if set for any script tag. */
function getScriptNonceFromWindow(win) {
    const doc = win.document;
    // document.querySelector can be undefined in non-browser environments.
    const script = doc.querySelector?.('script[nonce]');
    if (script) {
        // Try to get the nonce from the IDL property first, because browsers that
        // implement additional nonce protection features (currently only Chrome) to
        // prevent nonce stealing via CSS do not expose the nonce via attributes.
        // See https://github.com/whatwg/html/issues/2369
        return script['nonce'] || script.getAttribute('nonce') || '';
    }
    return '';
}
/** Propagates CSP nonce to dynamically created scripts. */
function setNonceForScriptElement(script) {
    const win = script.ownerDocument && script.ownerDocument.defaultView;
    const nonce = getScriptNonceFromWindow(win || window);
    if (nonce) {
        script.setAttribute('nonce', nonce);
    }
}
/** Sets textContent from the given SafeScript. */
export function setTextContent(script, v) {
    script.textContent = unwrapScript(v);
    setNonceForScriptElement(script);
}
/** Sets the Src attribute using a TrustedResourceUrl */
export function setSrc(script, v) {
    script.src = unwrapResourceUrl(v);
    setNonceForScriptElement(script);
}