CSP: Allow hashed inline event handlers only with 'unsafe-hashed-attributes'

third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp

Index: third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp b/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
index 42d4c08d83fb271e89af8a36caadce373c4cd779..f9915535caf4d7fd4bd50b327af9e46aeef4f2fd 100644
--- a/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
@@ -39,6 +39,7 @@ CSPSourceList::CSPSourceList(ContentSecurityPolicy* policy, const String& direct
     , m_allowInline(false)
     , m_allowEval(false)
     , m_allowDynamic(false)
+    , m_allowHashedAttributes(false)
     , m_hashAlgorithmsUsed(0)
 {
 }
@@ -89,6 +90,11 @@ bool CSPSourceList::allowHash(const CSPHashValue& hashValue) const
     return m_hashes.contains(hashValue);
 }
 
+bool CSPSourceList::allowHashedAttributes() const
+{
+    return m_allowHashedAttributes;
+}
+
 uint8_t CSPSourceList::hashAlgorithmsUsed() const
 {
     return m_hashAlgorithmsUsed;
@@ -175,6 +181,11 @@ bool CSPSourceList::parseSource(const UChar* begin, const UChar* end, String& sc
         return true;
     }
 
+    if (equalIgnoringCase("'unsafe-hashed-attributes'", begin, end - begin)) {
+        addSourceUnsafeHashedAttributes();
+        return true;
+    }
+
     String nonce;
     if (!parseNonce(begin, end, nonce))
         return false;
@@ -497,6 +508,11 @@ void CSPSourceList::addSourceUnsafeDynamic()
     m_allowDynamic = true;
 }
 
+void CSPSourceList::addSourceUnsafeHashedAttributes()
+{
+    m_allowHashedAttributes = true;
+}
+
 void CSPSourceList::addSourceNonce(const String& nonce)
 {
     m_nonces.add(nonce);