[CSP] Regression WPT for nonce hiding on dangling html/body

See bug or https://crrev.com/c/5149755

Bug: 1513216
Change-Id: Ie04e0d900e8d49ffd99fc60579f50cbd460cad2a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5148217
Commit-Queue: Jonathan Hao <phao@chromium.org>
Commit-Queue: Yifan Luo <lyf@chromium.org>
Reviewed-by: Yifan Luo <lyf@chromium.org>
Auto-Submit: Jonathan Hao <phao@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1241168}

content-security-policy/nonce-hiding/dangling-html-or-body.html

@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js" nonce="secret"></script>
+<script src="/resources/testharnessreport.js" nonce="secret"></script>
+
+<!-- `Content-Security-Policy: script-src 'nonce-secret'` delivered via headers -->
+
+<body>
+  <style>body[nonce*=secret]{background:url(/security/resources/abe.png);}</style>
+  <body
+  <script nonce="secret" src="https://example.com/good.js"></script>
+  <script nonce="secret">
+    test(t => {
+      const body = document.querySelector('body');
+      var style = getComputedStyle(body);
+      assert_equals(style['background-image'], 'none');
+    }, "Nonces don't leak via CSS side-channels when a dangling body is injected.");
+  </script>
+
+  <style>html[nonce*=secret]{background:url(/security/resources/abe.png);}</style>
+  <html
+  <script nonce="secret" src="https://example.com/good.js"></script>
+  <script nonce="secret">
+    test(t => {
+      const html = document.querySelector('html');
+      var style = getComputedStyle(html);
+      assert_equals(style['background-image'], 'none');
+    }, "Nonces don't leak via CSS side-channels when a dangling html is injected.");
+  </script>
+</body>

content-security-policy/nonce-hiding/dangling-html-or-body.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: script-src 'nonce-secret'