Index: third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp |
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp b/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp |
index 42d4c08d83fb271e89af8a36caadce373c4cd779..f9915535caf4d7fd4bd50b327af9e46aeef4f2fd 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp |
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp |
@@ -39,6 +39,7 @@ CSPSourceList::CSPSourceList(ContentSecurityPolicy* policy, const String& direct |
, m_allowInline(false) |
, m_allowEval(false) |
, m_allowDynamic(false) |
+ , m_allowHashedAttributes(false) |
, m_hashAlgorithmsUsed(0) |
{ |
} |
@@ -89,6 +90,11 @@ bool CSPSourceList::allowHash(const CSPHashValue& hashValue) const |
return m_hashes.contains(hashValue); |
} |
+bool CSPSourceList::allowHashedAttributes() const |
+{ |
+ return m_allowHashedAttributes; |
+} |
+ |
uint8_t CSPSourceList::hashAlgorithmsUsed() const |
{ |
return m_hashAlgorithmsUsed; |
@@ -175,6 +181,11 @@ bool CSPSourceList::parseSource(const UChar* begin, const UChar* end, String& sc |
return true; |
} |
+ if (equalIgnoringCase("'unsafe-hashed-attributes'", begin, end - begin)) { |
+ addSourceUnsafeHashedAttributes(); |
+ return true; |
+ } |
+ |
String nonce; |
if (!parseNonce(begin, end, nonce)) |
return false; |
@@ -497,6 +508,11 @@ void CSPSourceList::addSourceUnsafeDynamic() |
m_allowDynamic = true; |
} |
+void CSPSourceList::addSourceUnsafeHashedAttributes() |
+{ |
+ m_allowHashedAttributes = true; |
+} |
+ |
void CSPSourceList::addSourceNonce(const String& nonce) |
{ |
m_nonces.add(nonce); |