Implement ContentSecurityPolicy on the browser-side.

third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "core/frame/csp/SourceListDirective.h"
 
 #include "core/frame/csp/CSPSource.h"
 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "platform/network/ContentSecurityPolicyParsers.h"
 #include "platform/weborigin/KURL.h"
@@ skipping 678 matching lines @@
     // have no allowed CSPSources.
     return allowDynamicOther || !normalizedB.size();
   }
 
   // If embedding CSP specifies `self`, `self` refers to the embedee's origin.
   HeapVector<Member<CSPSource>> normalizedA =
       getSources(other[0]->m_policy->getSelfSource());
   return CSPSource::firstSubsumesSecond(normalizedA, normalizedB);
 }
 
+WebContentSecurityPolicySourceList SourceListDirective::expose() const {
+  WebContentSecurityPolicySourceList sourceList;
+  sourceList.allowSelf = m_allowSelf;
+  sourceList.allowStar = m_allowStar;
+  WebVector<WebContentSecurityPolicySourceExpression> list(m_list.size());
+  for (size_t i = 0; i < m_list.size(); ++i)
+    list[i] = m_list[i]->expose();
+  sourceList.sources.swap(list);
+  return sourceList;
+}
+
 bool SourceListDirective::subsumesNoncesAndHashes(
     const HashSet<String>& nonces,
     const HashSet<CSPHashValue> hashes) const {
   for (const auto& nonce : nonces) {
     if (!m_nonces.contains(nonce))
       return false;
   }
   for (const auto& hash : hashes) {
     if (!m_hashes.contains(hash))
       return false;
@@ skipping 100 matching lines @@
   return normalized;
 }
 
 DEFINE_TRACE(SourceListDirective) {
   visitor->trace(m_policy);
   visitor->trace(m_list);
   CSPDirective::trace(visitor);
 }
 
 }  // namespace blink