Load the Chrome Cleaner partner logo SVG with <embed>.

The logo now has a title attr in it for screen readers. But when its
set as the background of a <span>, or as an <img> src, screen readers
don't look at the tags inside. For the screen reader to view the tag,
it seems the <svg> element must be part of the DOM tree, such as when
it's added with <embed>.

Bug: 767130
Change-Id: I5d28030fc90c269aa6a13a605f24c698915f6c5d
Reviewed-on: https://chromium-review.googlesource.com/c/1352822Reviewed-by: Hector Carmona <hcarmona@chromium.org>
Commit-Queue: Joe Mason <joenotcharles@google.com>
Cr-Commit-Position: refs/heads/master@{#612409}

chrome/browser/resources/settings/chrome_cleanup_page/chrome_cleanup_page.html

@@ -37,7 +37,6 @@
 
       /* Used by |chromeCleanupPoweredByHTML| */
       #powered-by-logo {
-        content: url(chrome://settings/partner-logo.svg);
         height: 22px;
       }
 

chrome/browser/ui/webui/settings/md_settings_localized_strings_provider.cc

@@ -983,9 +983,13 @@ void AddChromeCleanupStrings(content::WebUIDataSource* html_source) {
           .spec();
   html_source->AddString("chromeCleanupLearnMoreUrl", cleanup_learn_more_url);
 
-  const base::string16 powered_by_html =
-      l10n_util::GetStringFUTF16(IDS_SETTINGS_RESET_CLEANUP_FOOTER_POWERED_BY,
-                                 L"<span id='powered-by-logo'></span>");
+  // The "powered by" footer contains an HTML fragment with the SVG logo of the partner. The logo
+  // is added to the DOM using <embed>, rather than as an <img> src, to make sure that screen
+  // readers can find accessibility tags inside the svg.
+  const base::string16 powered_by_html = l10n_util::GetStringFUTF16(
+      IDS_SETTINGS_RESET_CLEANUP_FOOTER_POWERED_BY,
+      L"<embed type='image/svg+xml' id='powered-by-logo' "
+      L"src='chrome://settings/partner-logo.svg'></embed>");
   html_source->AddString("chromeCleanupPoweredByHtml", powered_by_html);
 
   const base::string16 cleanup_details_explanation =

chrome/browser/ui/webui/settings/md_settings_ui.cc

@@ -249,6 +249,12 @@ MdSettingsUI::MdSettingsUI(content::WebUI* web_ui)
 
 #if defined(GOOGLE_CHROME_BUILD)
   html_source->AddResourcePath("partner-logo.svg", IDR_CHROME_CLEANUP_PARTNER);
+
+  // partner-logo.svg is loaded with <embed>, which needs to relax several
+  // security policies.
+  html_source->OverrideContentSecurityPolicyObjectSrc("object-src chrome:;");
+  html_source->OverrideContentSecurityPolicyChildSrc("child-src chrome:;");
+  html_source->DisableDenyXFrameOptions();
 #if BUILDFLAG(OPTIMIZE_WEBUI)
   exclude_from_gzip.push_back("partner-logo.svg");
 #endif