Do no interrupt V8 for CSP checks when there are no CSP.

This patch is the revert of the diff in between patchset 4 and 5 of:
https://chromium-review.googlesource.com/c/chromium/src/+/1947741/4..5

This caused a 4.2% regression in the octane benchmark. The real reasons
is still unknown. It must be investigated. This revert can be seen as a
temporary bandage until we figure out the cause of the performance
regression.

Bug: 1031311
Change-Id: Ib22008a4557b6f05cc170e80cf71762b0b45b4b6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1974092Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#726429}

third_party/blink/renderer/bindings/core/v8/local_window_proxy.cc

@@ -199,14 +199,9 @@ void LocalWindowProxy::Initialize() {
       (world_->IsIsolatedWorld() &&
        IsolatedWorldCSP::Get().HasContentSecurityPolicy(world_->GetWorldId()));
   if (evaluate_csp_for_eval) {
-    // Using 'false' here means V8 will always call back blink for every 'eval'
-    // call being made. Blink executes CSP checks and returns whether or not
-    // V8 can proceed. The callback is
-    // V8Initializer::CodeGenerationCheckCallbackInMainThread().
-    context->AllowCodeGenerationFromStrings(false);
-
     ContentSecurityPolicy* csp =
         GetFrame()->GetDocument()->GetContentSecurityPolicyForWorld();
+    context->AllowCodeGenerationFromStrings(!csp->ShouldCheckEval());
     context->SetErrorMessageForCodeGenerationFromStrings(
         V8String(GetIsolate(), csp->EvalDisabledErrorMessage()));
   }

third_party/blink/renderer/core/frame/csp/content_security_policy.cc

@@ -525,6 +525,14 @@ bool ContentSecurityPolicy::IsScriptInlineType(InlineType inline_type) {
   }
 }
 
+bool ContentSecurityPolicy::ShouldCheckEval() const {
+  for (const auto& policy : policies_) {
+    if (policy->ShouldCheckEval())
+      return true;
+  }
+  return IsRequireTrustedTypes();
+}
+
 bool ContentSecurityPolicy::AllowEval(
     SecurityViolationReportingPolicy reporting_policy,
     ContentSecurityPolicy::ExceptionStatus exception_status,

third_party/blink/renderer/core/frame/csp/content_security_policy.h

@@ -231,6 +231,13 @@ class CORE_EXPORT ContentSecurityPolicy final
 
   Vector<CSPHeaderAndType> Headers() const;
 
+  // Returns whether or not the Javascript code generation should call back the
+  // CSP checker before any script evaluation from a string attempts.
+  //
+  // CSP has two mechanisms for controlling eval: script-src and TrustedTypes.
+  // This returns true when any of those should to be checked.
+  bool ShouldCheckEval() const;
+
   // When the reporting status is |SendReport|, the |ExceptionStatus|
   // should indicate whether the caller will throw a JavaScript
   // exception in the event of a violation. When the caller will throw

third_party/blink/renderer/core/frame/csp/csp_directive_list.cc

@@ -741,6 +741,10 @@ bool CSPDirectiveList::AllowInline(
   return !directive || directive->AllowAllInline();
 }
 
+bool CSPDirectiveList::ShouldCheckEval() const {
+  return script_src_ && !script_src_->AllowEval();
+}
+
 bool CSPDirectiveList::AllowEval(
     SecurityViolationReportingPolicy reporting_policy,
     ContentSecurityPolicy::ExceptionStatus exception_status,

third_party/blink/renderer/core/frame/csp/csp_directive_list.h

@@ -60,6 +60,10 @@ class CORE_EXPORT CSPDirectiveList final
                    const WTF::OrdinalNumber& context_line,
                    SecurityViolationReportingPolicy) const;
 
+  // Returns whether or not the Javascript code generation should call back the
+  // CSP checker before any script evaluation from a string is being made.
+  bool ShouldCheckEval() const;
+
   bool AllowEval(SecurityViolationReportingPolicy,
                  ContentSecurityPolicy::ExceptionStatus,
                  const String& script_content) const;