LibWeb: Add 'is scripting enabled' concept to EnvironmentSettingsObject

This is now the source of truth for 'user enabled/disabled scripting',
but it has to ask the window's page, which actually stores the setting.

Also use this new functionality in two places where it was previously
marked as a FIXME.

Userland/Libraries/LibWeb/DOM/Document.h

@@ -243,6 +243,7 @@ public:
     void removed_last_ref();
 
     HTML::Window& window() { return *m_window; }
+    HTML::Window const& window() const { return *m_window; }
 
     ExceptionOr<void> write(Vector<String> const& strings);
     ExceptionOr<void> writeln(Vector<String> const& strings);

Userland/Libraries/LibWeb/DOM/Node.cpp

@@ -847,8 +847,7 @@ void Node::serialize_tree_as_json(JsonObjectSerializer<StringBuilder>& object) c
 bool Node::is_scripting_enabled() const
 {
     // Scripting is enabled for a node node if node's node document's browsing context is non-null, and scripting is enabled for node's relevant settings object.
-    // FIXME: Check if scripting is enabled for the ESO.
-    return document().browsing_context();
+    return document().browsing_context() && const_cast<Document&>(document()).relevant_settings_object().is_scripting_enabled();
 }
 
 // https://html.spec.whatwg.org/multipage/webappapis.html#concept-n-noscript

Userland/Libraries/LibWeb/HTML/Scripting/ClassicScript.cpp

@@ -24,7 +24,9 @@ NonnullRefPtr<ClassicScript> ClassicScript::create(String filename, StringView s
     if (muted_errors == MutedErrors::Yes)
         base_url = "about:blank";
 
-    // FIXME: 3. If scripting is disabled for settings, then set source to the empty string.
+    // 3. If scripting is disabled for settings, then set source to the empty string.
+    if (environment_settings_object.is_scripting_disabled())
+        source = "";
 
     // 4. Let script be a new classic script that this algorithm will subsequently initialize.
     auto script = adopt_ref(*new ClassicScript(move(base_url), move(filename), environment_settings_object));

Userland/Libraries/LibWeb/HTML/Scripting/Environments.cpp

@@ -11,6 +11,7 @@
 #include <LibWeb/HTML/PromiseRejectionEvent.h>
 #include <LibWeb/HTML/Scripting/Environments.h>
 #include <LibWeb/HTML/Window.h>
+#include <LibWeb/Page/Page.h>
 
 namespace Web::HTML {
 
@@ -68,7 +69,9 @@ RunScriptDecision EnvironmentSettingsObject::can_run_script()
     if (is<Bindings::WindowObject>(global_object()) && !verify_cast<Bindings::WindowObject>(global_object()).impl().associated_document().is_fully_active())
         return RunScriptDecision::DoNotRun;
 
-    // FIXME: 2. If scripting is disabled for settings, then return "do not run".
+    // 2. If scripting is disabled for settings, then return "do not run".
+    if (is_scripting_disabled())
+        return RunScriptDecision::DoNotRun;
 
     // 3. Return "run".
     return RunScriptDecision::Run;
@@ -234,6 +237,31 @@ void EnvironmentSettingsObject::notify_about_rejected_promises(Badge<EventLoop>)
     });
 }
 
+// https://html.spec.whatwg.org/multipage/webappapis.html#concept-environment-script
+bool EnvironmentSettingsObject::is_scripting_enabled() const
+{
+    // Scripting is enabled for an environment settings object settings when all of the following conditions are true:
+    // The user agent supports scripting.
+    // NOTE: This is always true in LibWeb :^)
+
+    // The user has not disabled scripting for settings at this time. (User agents may provide users with the option to disable scripting globally, or in a finer-grained manner, e.g., on a per-origin basis, down to the level of individual environment settings objects.)
+    auto document = const_cast<EnvironmentSettingsObject&>(*this).responsible_document();
+    VERIFY(document);
+    if (!document->window().page()->is_scripting_enabled())
+        return false;
+
+    // FIXME: Either settings's global object is not a Window object, or settings's global object's associated Document's active sandboxing flag set does not have its sandboxed scripts browsing context flag set.
+
+    return true;
+}
+
+// https://html.spec.whatwg.org/multipage/webappapis.html#concept-environment-noscript
+bool EnvironmentSettingsObject::is_scripting_disabled() const
+{
+    // Scripting is disabled for an environment settings object when scripting is not enabled for it, i.e., when any of the above conditions are false.
+    return !is_scripting_enabled();
+}
+
 // https://html.spec.whatwg.org/multipage/webappapis.html#incumbent-settings-object
 EnvironmentSettingsObject& incumbent_settings_object()
 {

Userland/Libraries/LibWeb/HTML/Scripting/Environments.h

@@ -101,6 +101,9 @@ struct EnvironmentSettingsObject
 
     void notify_about_rejected_promises(Badge<EventLoop>);
 
+    bool is_scripting_enabled() const;
+    bool is_scripting_disabled() const;
+
 protected:
     explicit EnvironmentSettingsObject(JS::ExecutionContext& realm_execution_context);
 

Userland/Libraries/LibWeb/Page/Page.h

@@ -62,6 +62,9 @@ public:
     bool is_same_origin_policy_enabled() const { return m_same_origin_policy_enabled; }
     void set_same_origin_policy_enabled(bool b) { m_same_origin_policy_enabled = b; }
 
+    bool is_scripting_enabled() const { return m_is_scripting_enabled; }
+    void set_is_scripting_enabled(bool b) { m_is_scripting_enabled = b; }
+
 private:
     PageClient& m_client;
 
@@ -70,6 +73,8 @@ private:
 
     // FIXME: Enable this by default once CORS preflight checks are supported.
     bool m_same_origin_policy_enabled { false };
+
+    bool m_is_scripting_enabled { true };
 };
 
 class PageClient {