Add <script nomodule> to prevent script evaluation

This allows selective delivery of classic scripts only to older user
agents. Fixes #1442.

source

@@ -56958,6 +56958,7 @@ interface <dfn>HTMLDialogElement</dfn> : <span>HTMLElement</span> {
    <dd><span>Global attributes</span></dd>
    <dd><code data-x="attr-script-src">src</code></dd>
    <dd><code data-x="attr-script-type">type</code></dd>
+   <dd><code data-x="attr-script-nomodule">nomodule</code></dd>
    <dd><code data-x="attr-script-charset">charset</code></dd>
    <dd><code data-x="attr-script-async">async</code></dd>
    <dd><code data-x="attr-script-defer">defer</code></dd>
@@ -56970,6 +56971,7 @@ interface <dfn>HTMLDialogElement</dfn> : <span>HTMLElement</span> {
 interface <dfn>HTMLScriptElement</dfn> : <span>HTMLElement</span> {
   [<span>CEReactions</span>] attribute USVString <span data-x="dom-script-src">src</span>;
   [<span>CEReactions</span>] attribute DOMString <span data-x="dom-script-type">type</span>;
+  [<span>CEReactions</span>] attribute boolean <span data-x="dom-script-noModule">noModule</span>;
   [<span>CEReactions</span>] attribute DOMString <span data-x="dom-script-charset">charset</span>;
   [<span>CEReactions</span>] attribute boolean <span data-x="dom-script-async">async</span>;
   [<span>CEReactions</span>] attribute boolean <span data-x="dom-script-defer">defer</span>;
@@ -57037,10 +57039,20 @@ interface <dfn>HTMLScriptElement</dfn> : <span>HTMLElement</span> {
   data-x="attr-script-type">type</code> attribute, and the contents of the <code>script</code>
   element must conform to the requirements defined for the format used. The <code
   data-x="attr-script-src">src</code>, <code data-x="attr-script-charset">charset</code>, <code
-  data-x="attr-script-async">async</code>, <code data-x="attr-script-defer">defer</code>, <code
+  data-x="attr-script-async">async</code>, <code data-x="attr-script-nomodule">nomodule</code>,
+  <code data-x="attr-script-defer">defer</code>, <code
   data-x="attr-script-crossorigin">crossorigin</code>, <code data-x="attr-script-nonce">nonce</code>
   and <code data-x="attr-script-integrity">integrity</code> attributes must not be specified.</p>
 
+  <p>The <dfn><code data-x="attr-script-nomodule">nomodule</code></dfn> attribute is a <span>boolean
+  attribute</span> that prevents a script from being executed in user agents that support
+  <span data-x="module script">module scripts</span>. This allows selective execution of <span
+  data-x="module script">module scripts</span> in modern user agents and <span data-x="classic
+  script">classic scripts</span> in older user agents, <a href="#script-nomodule-example">as shown
+  below</a>. The <code data-x="attr-script-nomodule">nomodule</code> attribute must not be
+  specified on <span data-x="module script">module scripts</span> (and will be ignored if it
+  is).</p>
+
   <p>The <dfn><code data-x="attr-script-charset">charset</code></dfn> attribute gives the character
   encoding of the external script resource. The attribute must not be specified if the <code
   data-x="attr-script-src">src</code> attribute is not present, or if the script is not a
@@ -57127,6 +57139,7 @@ interface <dfn>HTMLScriptElement</dfn> : <span>HTMLElement</span> {
 
   <p>Changing the <code data-x="attr-script-src">src</code>, <code
   data-x="attr-script-type">type</code>, <code data-x="attr-script-charset">charset</code>, <code
+  data-x="attr-script-nomodule">nomodule</code>, <code
   data-x="attr-script-async">async</code>, <code data-x="attr-script-defer">defer</code>, <code
   data-x="attr-script-crossorigin">crossorigin</code>, <code data-x="attr-script-nonce">nonce</code>
   and <code data-x="attr-script-integrity">integrity</code> attributes dynamically has no direct
@@ -57146,6 +57159,10 @@ interface <dfn>HTMLScriptElement</dfn> : <span>HTMLElement</span> {
   <p>The <dfn><code data-x="dom-script-crossOrigin">crossOrigin</code></dfn> IDL attribute must
   <span>reflect</span> the <code data-x="attr-script-crossorigin">crossorigin</code> content attribute.</p>
 
+  <p>The <dfn><code data-x="dom-script-noModule">noModule</code></dfn> IDL attribute must
+  <span>reflect</span> the <code data-x="attr-script-nomodule">nomodule</code> content
+  attribute.</p>
+
   <p>The <dfn><code data-x="dom-script-async">async</code></dfn> IDL attribute controls whether the
   element will execute asynchronously or not. If the element's <span>"non-blocking"</span> flag is
   set, then, on getting, the <code data-x="dom-script-async">async</code> IDL attribute must return
@@ -57266,6 +57283,27 @@ o............A....e
 
   </div>
 
+  <div class="example" id="script-nomodule-example">
+
+  <p>This example shows how to include a <span>module script</span> for modern user agents, and a
+  <span>classic script</span> for older user agents:</p>
+
+  <pre>&lt;script type="module" src="app.js">&lt;/script>
+&lt;script nomodule src="classic-app-bundle.js">&lt;/script></pre>
+
+  <p>In modern user agents that support <span data-x="module script">module scripts</span>, the
+  <code>script</code> element with the <code data-x="attr-script-nomodule">nomodule</code> attribute
+  will be ignored, and the <code>script</code> element with a <code
+  data-x="attr-script-type">type</code> of "<code data-x="">module</code>" will be fetched and
+  evaluated (as a <span>module script</span>). Conversely, older user agents will ignore the
+  <code>script</code> element with a <code data-x="attr-script-type">type</code> of "<code
+  data-x="">module</code>", as that is an unknown script type for them — but they will have no
+  problem fetching and evaluating the other <code>script</code> element (as a <span>classic
+  script</span>), since they do not implement the <code
+  data-x="attr-script-nomodule">nomodule</code> attribute.</p>
+
+  </div>
+
   <div class="example" id="script-type-module-example-2">
 
    <p>The following sample shows how a <code>script</code> element can be used to write an inline
@@ -57529,6 +57567,17 @@ o............A....e
     <ref spec=DOMPARSING> <ref spec=XSLTP> <ref spec=DOM></p>
 
 
+   </li>
+
+   <li>
+
+   <p>If the <code>script</code> element has a <code data-x="attr-script-nomodule">nomodule</code>
+   content attribute and <span data-x="concept-script-type">the script's type</span> is "<code
+   data-x="">classic</code>", then abort these steps. The script is not executed.</p>
+
+   <p class="note">This means specifying <code data-x="attr-script-nomodule">nomodule</code> on a
+   <span>module script</span> has no effect; the algorithm continues onward.</p>
+
    </li>
 
    <li id="script-processing-csp"><p>If the <code>script</code> element does not have a <code
@@ -116910,6 +116959,11 @@ interface <dfn>External</dfn> {
           <code data-x="attr-style-nonce">style</code>
      <td> Cryptographic nonce used in <cite>Content Security Policy</cite> checks <ref spec="CSP">
      <td> <a href="#attribute-text">Text</a>
+    <tr>
+     <th> <code data-x="">nomodule</code>
+     <td> <code data-x="attr-script-nomodule">script</code>
+     <td> Prevents execution in user agents that support <span data-x="module script">module scripts</span>
+     <td> <span>Boolean attribute</span>
     <tr>
      <th> <code data-x="">novalidate</code>
      <td> <code data-x="attr-fs-novalidate">form</code>