Add DeviceDisablingManager to manage device disabling

chrome/browser/resources/chromeos/login/screen_device_disabled.js

Index: chrome/browser/resources/chromeos/login/screen_device_disabled.js
diff --git a/chrome/browser/resources/chromeos/login/screen_device_disabled.js b/chrome/browser/resources/chromeos/login/screen_device_disabled.js
index 3b0c1618e6f6c271897366adf2764ace978a0bfc..a1e10633dccd359dda3b60d1549a8a565beda5dc 100644
--- a/chrome/browser/resources/chromeos/login/screen_device_disabled.js
+++ b/chrome/browser/resources/chromeos/login/screen_device_disabled.js
@@ -13,6 +13,11 @@ login.createScreen('DeviceDisabledScreen', 'device-disabled', function() {
     ],
 
     /**
+     * Ignore any accelerators the user presses on this screen.
+     */
+    ignoreAccelerators: true,
+
+    /**
      * The visibility of the cancel button in the header bar is controlled by a
      * global. Although the device disabling screen hides the button, a
      * notification intended for an earlier screen (e.g animation finished)
@@ -40,6 +45,8 @@ login.createScreen('DeviceDisabledScreen', 'device-disabled', function() {
       * @private
       */
     setMessage: function(message) {
+      // The contents of |message| is untrusted. Set it as |textContent| so that
+      // it gets treated as plain text and cannot be used to inject JS or HTML.
       $('device-disabled-message').textContent = message;
     }
   };