Implement ContentSecurityPolicy on the browser-side.

third_party/WebKit/Source/core/frame/csp/SourceListDirective.h

Index: third_party/WebKit/Source/core/frame/csp/SourceListDirective.h
diff --git a/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h b/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h
index 425680c9acde18c6058bbd4ef227ece2f08a5c86..17aadca820b441a385e5009ae98f9406681159d2 100644
--- a/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h
+++ b/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h
@@ -11,6 +11,7 @@
 #include "platform/Crypto.h"
 #include "platform/network/ContentSecurityPolicyParsers.h"
 #include "platform/network/ResourceRequest.h"
+#include "public/platform/WebContentSecurityPolicy.h"
 #include "wtf/HashSet.h"
 #include "wtf/text/WTFString.h"
 
@@ -52,6 +53,12 @@ class CORE_EXPORT SourceListDirective final : public CSPDirective {
   // https://w3c.github.io/webappsec-csp/embedded/#subsume-source-list
   bool subsumes(const HeapVector<Member<SourceListDirective>>&) const;
 
+  // Export a subset of the source list that affect navigation.
+  // It contains every source-expressions, '*', 'none' and 'self'.
+  // It doesn't contain 'unsafe-inline' or 'unsafe-eval' for instance.
+  WebContentSecurityPolicySourceList exposeForNavigationalChecks() const;
+  String directiveName() const { return m_directiveName; }
+
  private:
   FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectCSPSources);
   FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest,