Add an error page for resources blocked via XSS Auditor.

components/error_page_strings.grdp

Index: components/error_page_strings.grdp
diff --git a/components/error_page_strings.grdp b/components/error_page_strings.grdp
index a30640b33884409450e2a112cf19de5c6befce83..df0bab2c03697a4b5e1943eafc3b942307d4b251 100644
--- a/components/error_page_strings.grdp
+++ b/components/error_page_strings.grdp
@@ -260,6 +260,9 @@
   <message name="IDS_ERRORPAGES_SUMMARY_BLOCKED_BY_EXTENSION" desc="Summary in the error page when an extension blocks a request.">
     Requests to the server have been blocked by an extension.
   </message>
+  <message name="IDS_ERRORPAGES_SUMMARY_BLOCKED_BY_XSS_AUDITOR" desc="Summary in the error page when the XSS Auditor blocks a response.">

[Tom Sepez, 2016/10/28 16:45:59]

I don't think our users are likely to understand this, and will probably scare
them.  It doesn't provide an actionable next step. Let's see what enamel says.

[meacer, 2016/10/28 17:38:30]

(Not official Enamel™ stance) I tend to agree with Tom, and a console message
associated with a blank page sounds a tad better. It's also in line with other
security related headers (e.g. X-Frame-Options blocking the iframe and
displaying a blank page)

I'm worried that some clever attacker will trigger this and use it for social
engineering in the future. (Your Google is infected, click here to upgrade it!)

+    This page contains code which appears to be the result of a cross-site scripting attack, and is configured to block such requests.
+  </message>
   <message name="IDS_ERRORPAGES_SUMMARY_BLOCKED_BY_ADMINISTRATOR" desc="Summary in the error page when an administrator policy blocks a request.">
     The person who set up this computer has chosen to block this site.
   </message>