
Unified Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h

Issue 2421473004: CSP: Fire 'SecurityPolicyViolation' on the offending element. (Closed)
Patch Set: Test. Created 4 years, 2 months ago
Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
index a51449bb06735d0bb26130fbe62482d901406d74..d870df742890309c098a472d64a9e26500f31b32 100644
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
@@ -62,6 +62,7 @@ class FrameLoaderClient;
class KURL;
class ResourceRequest;
class SecurityOrigin;
+class SecurityPolicyViolationEventInit;
typedef int SandboxFlags;
typedef HeapVector<Member<CSPDirectiveList>> CSPDirectiveListVector;
@@ -143,10 +144,20 @@ class CORE_EXPORT ContentSecurityPolicy
std::unique_ptr<Vector<CSPHeaderAndType>> headers() const;
- bool allowJavaScriptURLs(const String& contextURL,
+ // |element| will not be present for navigations to javascript URLs,
+ // as those checks happen in the middle of the navigation algorithm,
+ // and we generally don't have access to the responsible element.
+ bool allowJavaScriptURLs(Element*,
+ const String& contextURL,
const WTF::OrdinalNumber& contextLine,
ReportingStatus = SendReport) const;
- bool allowInlineEventHandler(const String& source,
+
+ // |element| will be present almost all of the time, but because of
+ // strangeness around targeting handlers for '<body>', '<svg>', and
+ // '<frameset>', it will be 'nullptr' for handlers on those
+ // elements.
+ bool allowInlineEventHandler(Element*,
+ const String& source,
const String& contextURL,
const WTF::OrdinalNumber& contextLine,
ReportingStatus = SendReport) const;
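Review bot: The new comments on `allowJavaScriptURLs` and `allowInlineEventHandler` refer to `|element|`, but the added `Element*` parameter is unnamed in both declarations, and neither comment says where the violation event is delivered when the pointer is null. Naming the parameter (`Element* element,`) would let the comments resolve to something in the signature. A sentence such as `// When |element| is nullptr the violation event is fired on the document only.` would state the fallback; that target is inferred from the `Document*` argument of `dispatchViolationEvents` later in this diff and should be confirmed against the .cpp before it is written down.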
@@ -214,13 +225,14 @@ class CORE_EXPORT ContentSecurityPolicy
const String& nonce,
RedirectStatus = RedirectStatus::NoRedirect,
ReportingStatus = SendReport) const;
- bool allowInlineScript(const String& contextURL,
+ bool allowInlineScript(Element*,
+ const String& contextURL,
const String& nonce,
- ParserDisposition,
const WTF::OrdinalNumber& contextLine,
const String& scriptContent,
ReportingStatus = SendReport) const;
- bool allowInlineStyle(const String& contextURL,
+ bool allowInlineStyle(Element*,
+ const String& contextURL,
const String& nonce,
const WTF::OrdinalNumber& contextLine,
const String& styleContent,
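Review bot: `allowInlineScript` and `allowInlineStyle` take the new `Element*` with no comment on when it may be null, unlike the two declarations documented earlier in this file's diff. `allowInlineScript` also loses its `ParserDisposition` argument, and from the header alone it is not visible whether the disposition is now read from the element or no longer takes part in the allow/block decision. If it is read from the element, the result for a null element needs to be defined and stated, since callers are permitted to pass `nullptr` elsewhere in this interface. A one-line comment above each declaration saying whether `nullptr` is accepted and what it implies would close the gap. The `allowInlineStyle` declaration continues past the end of this hunk.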
@@ -317,7 +329,8 @@ class CORE_EXPORT ContentSecurityPolicy
ViolationType,
LocalFrame* = nullptr,
RedirectStatus = RedirectStatus::FollowedRedirect,
- int contextLine = 0);
+ int contextLine = 0,
+ Element* = nullptr);
// Called when mixed content is detected on a page; will trigger a violation
// report if the 'block-all-mixed-content' directive is specified for a
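Review bot: Adding `Element* = nullptr` as a trailing default means every existing call site keeps compiling unchanged, so a caller that does hold the offending element can omit it with no compiler signal and the violation would be reported without a target element. It is worth auditing the call sites that have an element in scope, and documenting the parameter, for example `// Element the violation event is fired on; nullptr when no element is responsible.` The declaration begins above this hunk, so its name and leading parameters are not visible here.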
@@ -375,6 +388,9 @@ class CORE_EXPORT ContentSecurityPolicy
bool shouldSendViolationReport(const String&) const;
void didSendViolationReport(const String&);
+ void dispatchViolationEvents(const SecurityPolicyViolationEventInit&,
+ Element*,
+ Document*);
Member<ExecutionContext> m_executionContext;
bool m_overrideInlineStyleAllowed;
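Review bot: `dispatchViolationEvents` is declared without a comment, and its raw `Element*` and `Document*` parameters leave nullability and timing unstated. Event listeners are author-controlled script, so it matters whether this runs synchronously inside the `allow*` checks or is deferred: a synchronous dispatch would let page script run in the middle of a policy decision, and a deferred one has to keep both objects alive until it runs. A short header comment should say which of the two applies and that `|element|` may be null, e.g. `// Fires 'securitypolicyviolation'; |element| may be nullptr.` followed by a line on when the dispatch happens. The timing is not determinable from this header and needs to be checked in the .cpp.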
