use nonced_javascript_tag instead of script tags

app/views/layouts/admin.html.erb

@@ -6,9 +6,9 @@
   <body class="govuk-template__body ">
     <%= render partial: "shared/analytics/google_noscript" %>
 
-    <script>
+    <%= nonced_javascript_tag do %>
       document.body.className = ((document.body.className) ? document.body.className + ' js-enabled' : 'js-enabled');
-    </script>
+    <% end %>
 
     <a href="#main-content" class="govuk-skip-link">Skip to main content</a>
 

app/views/layouts/api_docs.html.erb

@@ -11,9 +11,9 @@
     <%= render partial: "layouts/shared/govuk_javascript" %>
     <%= render partial: "shared/analytics/google_noscript" %>
 
-    <script>
+    <%= nonced_javascript_tag do %>
       document.body.className = ((document.body.className) ? document.body.className + ' js-enabled' : 'js-enabled');
-    </script>
+    <% end %>
 
     <a href="#main-content" class="govuk-skip-link">Skip to main content</a>
 

app/views/layouts/shared/_govuk_javascript.html.erb

@@ -1,3 +1,3 @@
-<script nonce="<%= request.content_security_policy_nonce %>">
+<%= nonced_javascript_tag do %>
   document.body.className += ' js-enabled' + ('noModule' in HTMLScriptElement.prototype ? ' govuk-frontend-supported' : '');
-</script>
+<% end %>

app/views/layouts/shared/_head.html.erb

@@ -27,8 +27,8 @@
   <%= yield :head %>
 
   <% if Rails.env.development? %>
-    <script>
+    <%= nonced_javascript_tag do %>
       console.log(<%= session.to_json.html_safe %>)
-    </script>
+    <% end %>
   <% end %>
 </head>