Add a configurable parse-depth limit when parsing JFV headers, and use it for Feature-Policy Header

third_party/WebKit/Source/platform/network/HTTPParsers.h

Index: third_party/WebKit/Source/platform/network/HTTPParsers.h
diff --git a/third_party/WebKit/Source/platform/network/HTTPParsers.h b/third_party/WebKit/Source/platform/network/HTTPParsers.h
index 681f1407577ee11af942769bce2edf7c8f587807..a4941d8d1d6010c285d6f726ebd0e097680f2583 100644
--- a/third_party/WebKit/Source/platform/network/HTTPParsers.h
+++ b/third_party/WebKit/Source/platform/network/HTTPParsers.h
@@ -162,9 +162,11 @@ PLATFORM_EXPORT bool parseMultipartHeadersFromBody(const char* bytes,
 
 // Parses a header value containing JSON data, according to
 // https://tools.ietf.org/html/draft-ietf-httpbis-jfv-01
-// Returns an empty unique_ptr if the header cannot be parsed as JSON.
-PLATFORM_EXPORT std::unique_ptr<JSONArray> parseJSONHeader(
-    const String& header);
+// Returns an empty unique_ptr if the header cannot be parsed as JSON. JSON
+// strings which represent object nested deeper than |maxParseDepth| will also
+// cause an empty return value.
+PLATFORM_EXPORT std::unique_ptr<JSONArray> parseJSONHeader(const String& header,
+                                                           int maxParseDepth);
 
 }  // namespace blink