WIP: Give developers an opt-in mechanism to block some parser-inserted scripts.

third_party/WebKit/Source/core/frame/csp/SourceListDirective.h

Index: third_party/WebKit/Source/core/frame/csp/SourceListDirective.h
diff --git a/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h b/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h
index 425680c9acde18c6058bbd4ef227ece2f08a5c86..5e6461961227a8704dc3ada78641800ba94e52e9 100644
--- a/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h
+++ b/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h
@@ -47,6 +47,7 @@ class CORE_EXPORT SourceListDirective final : public CSPDirective {
   bool isHashOrNoncePresent() const;
   uint8_t hashAlgorithmsUsed() const;
   bool allowAllInline() const;
+  bool allowParserInsertedFromScript() const;
 
   // The algorothm is described more extensively here:
   // https://w3c.github.io/webappsec-csp/embedded/#subsume-source-list
@@ -93,6 +94,7 @@ class CORE_EXPORT SourceListDirective final : public CSPDirective {
   void addSourceUnsafeEval();
   void addSourceStrictDynamic();
   void addSourceUnsafeHashedAttributes();
+  void blockParserInserted();
   void addSourceNonce(const String& nonce);
   void addSourceHash(const ContentSecurityPolicyHashAlgorithm&,
                      const DigestValue& hash);
@@ -121,6 +123,7 @@ class CORE_EXPORT SourceListDirective final : public CSPDirective {
   bool m_allowEval;
   bool m_allowDynamic;
   bool m_allowHashedAttributes;
+  bool m_allowParserInsertedFromScript;
   HashSet<String> m_nonces;
   HashSet<CSPHashValue> m_hashes;
   uint8_t m_hashAlgorithmsUsed;