CSP: Allow hashed inline event handlers only with 'unsafe-hashed-attributes'

third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp

Index: third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp b/third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp
index 91405a799168f67ed1f79ea00c8760b6b1a23c74..df588a0dc8294dbbd0258efe7a24d1c2921eb68b 100644
--- a/third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp
@@ -62,6 +62,16 @@ TEST_F(CSPSourceListTest, BasicMatchingUnsafeDynamic)
     EXPECT_TRUE(sourceList.allowDynamic());
 }
 
+TEST_F(CSPSourceListTest, BasicMatchingUnsafeHashedAttributes)
+{
+    String sources = "'unsafe-hashed-attributes'";
+    CSPSourceList sourceList(csp.get(), "script-src");
+    parseSourceList(sourceList, sources);
+
+    EXPECT_TRUE(sourceList.allowHashedAttributes());
+}
+
+
 TEST_F(CSPSourceListTest, BasicMatchingStar)
 {
     KURL base;