Add schema chrome-extension-resource:// for extension resources

chrome/common/extensions/csp_validator.cc

Index: chrome/common/extensions/csp_validator.cc
diff --git a/chrome/common/extensions/csp_validator.cc b/chrome/common/extensions/csp_validator.cc
index e80468b8e5b878410d023b5537d36e1d2a291ed8..0c45060133d60c8e95bce9d8044ff75e2ac41dbd 100644
--- a/chrome/common/extensions/csp_validator.cc
+++ b/chrome/common/extensions/csp_validator.cc
@@ -43,7 +43,8 @@ bool HasOnlySecureTokens(StringTokenizer& tokenizer) {
         source == "'none'" ||
         StartsWithASCII(source, "https://", true) ||
         StartsWithASCII(source, "chrome://", true) ||
-        StartsWithASCII(source, "chrome-extension://", true)) {
+        StartsWithASCII(source, "chrome-extension://", true) ||
+        StartsWithASCII(source, "chrome-extension-resource:", true)) {

[Aaron Boodman, 2012/04/18 17:52:24]

Why not "//" here too?

[Peng, 2012/04/18 18:29:16]

Because I tried "CER://" here and default CSP, it doesn't work.

       continue;

[Tom Sepez, 2012/04/18 18:03:01]

There has needed to be a comment here for some time.  There's some trickery
going on here to prevent wildcarding entire schemes.  CSP itself treats scheme:
and scheme:// differently.  The former is a wildcard for the entire scheme, the
latter is the specific URL with no other components and does not match any other
scheme: URL (I didn't write the spec). 

     }