Ignore insecure parts of CSP in extensions and allow extension to load

extensions/common/csp_validator.h

Index: extensions/common/csp_validator.h
diff --git a/extensions/common/csp_validator.h b/extensions/common/csp_validator.h
index 192f898c8664c8a2db70158a5b38225ad9ab0d73..d336dda3e27768802b66980d79e675dbc148e667 100644
--- a/extensions/common/csp_validator.h
+++ b/extensions/common/csp_validator.h
@@ -41,8 +41,15 @@ enum Options {
 // case for extensions. Platform apps disallow it.
 //
 // |options| is a bitmask of Options.
-bool ContentSecurityPolicyIsSecure(
-    const std::string& policy, int options);
+//
+// If |sanitized_csp| is not NULL, |policy| minus the insecure values is stored
+// in |sanitized_csp|.

[not at google - send to devlin, 2014/12/03 20:33:05]

If you're going to rename this to "SanitizeCSP" or whatever, then sanitized_csp
shouldn't be [documented, not treated as] an optional parameter.

+// If |warnings| is not NULL, any validation errors are appended to |warnings|.
+// Returns whether |policy| meets the minimum security requirements.

[not at google - send to devlin, 2014/12/03 20:33:05]

This happens iff there were no warnings, right? You could also mention that.

+bool ContentSecurityPolicyIsSecure(const std::string& policy,
+                                   int options,
+                                   std::string* sanitized_csp,
+                                   std::vector<InstallWarning>* warnings);
 
 // Checks whether the given |policy| enforces a unique origin sandbox as
 // defined by http://www.whatwg.org/specs/web-apps/current-work/multipage/