These are used by all the *-src attributes, to check if a given URL,
origin and redirect count matches a source list entry specified in
the *-src attribute's values, if it's allowed to.
This follows the implementation method that was used for the
implementation of ISO8601 parsing for Temporal in LibJS. Doing it this
way allows us to have state transactions, and thus pick out individual
parse nodes that the specification steps want to use.
These are not associated with a javascript realm, so to avoid
confusion about which realm these need to be created in, make
all of these objects a GC::Cell, and deal with the fallout.
These form the basis of Content Security Policy. A policy is a
collection of directives that are parsed from either the
Content-Security-Policy(-Report-Only) HTTP header, or the `<meta>`
element.
The directives are what restrict the operations can be performed in the
current global execution context. For example, "frame-ancestors: none"
tells us to prevent the page from being loaded in an embedded context,
such as `<iframe>`.
You can see it a bit like OpenBSD's pledge() functionality, but for the
web platform: https://man.openbsd.org/pledge.2
