Per the CSP specification, content injected by extensions is meant to
be exempt from page CSP. This patch takes care of the most common case
of content injected by extension content scripts, which always have
expanded principals which inherit from the page principal.
To make this easier, de-virtualize BasePrincipal::Kind(), using CTOR
initializers instead.
Manual checking of the origins in SecFetch fails, so we add this
capability to the base principal interface for sake of ease.
We could use ScriptSecurityManager directly but it's more convenient
this way and can be re-used elsewhere in the future.
Since these are just interpreted comments, there's 0 impact on actual code.
This removes all lines that match /* vim: set(.*)tw=80: */ with S&R -- there are
a few others scattered around which will be removed manually in a second part.
Moonchild
wolfbeast
roytam1