Enable CSP on more WebUI pages

chrome/browser/ui/webui/interstitials/interstitial_ui.cc

Index: chrome/browser/ui/webui/interstitials/interstitial_ui.cc
diff --git a/chrome/browser/ui/webui/interstitials/interstitial_ui.cc b/chrome/browser/ui/webui/interstitials/interstitial_ui.cc
index a0dc29837e5bfbd696dafa92451f64dcefaea952..039d293ecef367e388237d2d63d25cbedc333b4c 100644
--- a/chrome/browser/ui/webui/interstitials/interstitial_ui.cc
+++ b/chrome/browser/ui/webui/interstitials/interstitial_ui.cc
@@ -46,7 +46,8 @@ class InterstitialHTMLSource : public content::URLDataSource {
   // content::URLDataSource:
   std::string GetMimeType(const std::string& mime_type) const override;
   std::string GetSource() const override;
-  bool ShouldAddContentSecurityPolicy() const override;
+  std::string GetContentSecurityPolicyScriptSrc() const override;
+  std::string GetContentSecurityPolicyObjectSrc() const override;
   void StartDataRequest(
       const std::string& path,
       int render_process_id,
@@ -308,9 +309,16 @@ std::string InterstitialHTMLSource::GetSource() const {
   return chrome::kChromeUIInterstitialHost;
 }
 
-bool InterstitialHTMLSource::ShouldAddContentSecurityPolicy()
-    const {
-  return false;
+std::string InterstitialHTMLSource::GetContentSecurityPolicyScriptSrc() const {
+  // Add 'unsafe-inline' to script-src.
+  return "script-src chrome://resources 'self' 'unsafe-eval' 'unsafe-inline';";
+}
+
+std::string InterstitialHTMLSource::GetContentSecurityPolicyObjectSrc() const {
+  // Add style-src and img-src.
+  return "object-src 'none';"
+      "style-src 'self' 'unsafe-inline';"
+      "img-src data:;";
 }
 
 void InterstitialHTMLSource::StartDataRequest(