Disallow CSP source * matching of data:, blob:, and filesystem: URLs

chrome/common/extensions/docs/templates/articles/app_csp.html

Index: chrome/common/extensions/docs/templates/articles/app_csp.html
diff --git a/chrome/common/extensions/docs/templates/articles/app_csp.html b/chrome/common/extensions/docs/templates/articles/app_csp.html
index 3dad58edc1e4cb849f3c59f034b06828afc3ec1d..04d7709facd4a533ebbc5a285bda64d95f90f5a3 100644
--- a/chrome/common/extensions/docs/templates/articles/app_csp.html
+++ b/chrome/common/extensions/docs/templates/articles/app_csp.html
@@ -51,12 +51,12 @@ you from doing the following:</p>
 
 <pre>
 default-src 'self';
-connect-src *;
+connect-src * data: blob: filesystem:;
 style-src 'self' data: chrome-extension-resource: 'unsafe-inline';
 img-src 'self' data: chrome-extension-resource:;
 frame-src 'self' data: chrome-extension-resource:;
 font-src 'self' data: chrome-extension-resource:;
-media-src *;
+media-src * data: blob: filesystem:;
 </pre>
 
 <p>