Implementation of script hashes for CSP.

Source/core/frame/ContentSecurityPolicy.cpp

 /*
  * Copyright (C) 2011 Google, Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 26 matching lines @@
 #include "core/inspector/ScriptCallStack.h"
 #include "core/loader/DocumentLoader.h"
 #include "core/loader/PingLoader.h"
 #include "core/frame/ContentSecurityPolicyResponseHeaders.h"
 #include "core/frame/Frame.h"
 #include "core/page/UseCounter.h"
 #include "core/platform/ParsingUtilities.h"
 #include "core/platform/network/FormData.h"
 #include "core/platform/network/ResourceResponse.h"
 #include "platform/JSONValues.h"
+#include "platform/NotImplemented.h"
 #include "weborigin/KURL.h"
 #include "weborigin/KnownPorts.h"
 #include "weborigin/SchemeRegistry.h"
 #include "weborigin/SecurityOrigin.h"
 #include "wtf/HashSet.h"
+#include "wtf/SHA1.h"
+#include "wtf/text/Base64.h"
+#include "wtf/text/StringBuilder.h"
 #include "wtf/text/TextPosition.h"
 #include "wtf/text/WTFString.h"
 
 namespace WebCore {
 
 // Normally WebKit uses "static" for internal linkage, but using "static" for
 // these functions causes a compile error because these functions are used as
 // template parameters.
 namespace {
 
 bool isDirectiveNameCharacter(UChar c)
 {
     return isASCIIAlphanumeric(c) || c == '-';
 }
 
 bool isDirectiveValueCharacter(UChar c)
 {
     return isASCIISpace(c) || (c >= 0x21 && c <= 0x7e); // Whitespace + VCHAR
 }
 
-bool isNonceCharacter(UChar c)
+// Only checks for general Base64 encoded chars, not '=' chars since '=' is
+// positional and may only appear at the end of a Base64 encoded string.
+bool isBase64EncodedCharacter(UChar c)
 {
     return isASCIIAlphanumeric(c) || c == '+' || c == '/';
 }
 
 bool isSourceCharacter(UChar c)
 {
     return !isASCIISpace(c);
 }
 
 bool isPathComponentCharacter(UChar c)
@@ skipping 189 matching lines @@
 class CSPSourceList {
 public:
     CSPSourceList(ContentSecurityPolicy*, const String& directiveName);
 
     void parse(const UChar* begin, const UChar* end);
 
     bool matches(const KURL&);
     bool allowInline() const { return m_allowInline; }
     bool allowEval() const { return m_allowEval; }
     bool allowNonce(const String& nonce) const { return !nonce.isNull() && m_nonces.contains(nonce); }
+    bool allowHash(const String& hash) const { return !hash.isNull() && m_hashes.contains(hash); }
+    uint8_t getHashFunctionsUsed() const { return m_hashFunctionsUsed; }

[abarth-chromium, 2013/10/22 17:46:49]

getHashFunctionsUsed -> hashFunctionsUsed

(The "get" prefix doesn't add anything so we usually drop it.)

[jww, 2013/10/28 19:36:23]

Done.

 
 private:
     bool parseSource(const UChar* begin, const UChar* end, String& scheme, String& host, int& port, String& path, bool& hostHasWildcard, bool& portHasWildcard);
     bool parseScheme(const UChar* begin, const UChar* end, String& scheme);
     bool parseHost(const UChar* begin, const UChar* end, String& host, bool& hostHasWildcard);
     bool parsePort(const UChar* begin, const UChar* end, int& port, bool& portHasWildcard);
     bool parsePath(const UChar* begin, const UChar* end, String& path);
     bool parseNonce(const UChar* begin, const UChar* end, String& nonce);
+    bool parseHash(const UChar* begin, const UChar* end, String& hash, ContentSecurityPolicy::HashFunctions&);
 
     void addSourceSelf();
     void addSourceStar();
     void addSourceUnsafeInline();
     void addSourceUnsafeEval();
     void addSourceNonce(const String& nonce);
+    void addSourceHash(const String& hash, const ContentSecurityPolicy::HashFunctions&);
 
     ContentSecurityPolicy* m_policy;
     Vector<CSPSource> m_list;
     String m_directiveName;
     bool m_allowStar;
     bool m_allowInline;
     bool m_allowEval;
     HashSet<String> m_nonces;
+    HashSet<String> m_hashes;
+    uint8_t m_hashFunctionsUsed;

[abarth-chromium, 2013/10/22 17:46:49]

Don't we need to keep track of which hash functions were used on a per-hash
basis?  I was expecting this to be a HashSet of a struct that contained a hash
function and a hash value.

[jww, 2013/10/28 19:36:23]

Fixed by other changes.

 };
 
 CSPSourceList::CSPSourceList(ContentSecurityPolicy* policy, const String& directiveName)
     : m_policy(policy)
     , m_directiveName(directiveName)
     , m_allowStar(false)
     , m_allowInline(false)
     , m_allowEval(false)
+    , m_hashFunctionsUsed(0)
 {
 }
 
 bool CSPSourceList::matches(const KURL& url)
 {
     if (m_allowStar)
         return true;
 
     KURL effectiveURL = SecurityOrigin::shouldUseInnerURL(url) ? SecurityOrigin::extractInnerURL(url) : url;
 
@@ skipping 80 matching lines @@
 
     if (m_policy->experimentalFeaturesEnabled()) {
         String nonce;
         if (!parseNonce(begin, end, nonce))
             return false;
 
         if (!nonce.isNull()) {
             addSourceNonce(nonce);
             return true;
         }
+
+        String hash;
+        ContentSecurityPolicy::HashFunctions hashFunction = ContentSecurityPolicy::HashFunctionsNone;
+        if (!parseHash(begin, end, hash, hashFunction))
+            return false;
+
+        if (!hash.isNull()) {
+            addSourceHash(hash, hashFunction);
+            return true;
+        }
     }
 
     const UChar* position = begin;
     const UChar* beginHost = begin;
     const UChar* beginPath = end;
     const UChar* beginPort = 0;
 
     skipWhile<UChar, isNotColonOrSlash>(position, end);
 
     if (position == end) {
@@ skipping 69 matching lines @@
 bool CSPSourceList::parseNonce(const UChar* begin, const UChar* end, String& nonce)
 {
     DEFINE_STATIC_LOCAL(const String, noncePrefix, ("'nonce-"));
 
     if (!equalIgnoringCase(noncePrefix.characters8(), begin, noncePrefix.length()))
         return true;
 
     const UChar* position = begin + noncePrefix.length();
     const UChar* nonceBegin = position;
 
-    skipWhile<UChar, isNonceCharacter>(position, end);
+    skipWhile<UChar, isBase64EncodedCharacter>(position, end);
     ASSERT(nonceBegin <= position);
 
     if (((position + 1) != end  && *position != '\'') || !(position - nonceBegin))
         return false;
 
     nonce = String(nonceBegin, position - nonceBegin);
     return true;
 }
 
+// hash-source       = "'" hash-algorithm "-" hash-value "'"
+// hash-algorithm    = "sha1" / "sha256"
+// hash-value        = 1*( ALPHA / DIGIT / "+" / "/" / "=" )
+//
+bool CSPSourceList::parseHash(const UChar* begin, const UChar* end, String& hash, ContentSecurityPolicy::HashFunctions& hashFunction)
+{
+    DEFINE_STATIC_LOCAL(const String, sha1Prefix, ("'sha1-"));
+    DEFINE_STATIC_LOCAL(const String, sha256Prefix, ("'sha256-"));
+
+    String prefix;
+    if (equalIgnoringCase(sha1Prefix.characters8(), begin, sha1Prefix.length())) {
+        prefix = sha1Prefix;
+        hashFunction = ContentSecurityPolicy::HashFunctionsSha1;
+    } else if (equalIgnoringCase(sha256Prefix.characters8(), begin, sha256Prefix.length())) {
+        notImplemented();
+    } else {
+        return true;
+    }
+
+    const UChar* position = begin + prefix.length();
+    const UChar* hashBegin = position;
+
+    skipWhile<UChar, isBase64EncodedCharacter>(position, end);
+    ASSERT(hashBegin <= position);
+
+    // Base64 encodings may end with exactly one or two '=' characters
+    skipExactly<UChar>(position, position + 1, '=');
+    skipExactly<UChar>(position, position + 1, '=');
+
+    if (((position + 1) != end  && *position != '\'') || !(position - hashBegin))
+        return false;

[abarth-chromium, 2013/10/22 17:46:49]

Is this logic right?  I would have expected:

if ((position + 1 != end) || *position != '\'' || !(position - hashBegin))

In particular, we want to return false if position + 1 != end, right?

[jww, 2013/10/28 19:36:23]

Done.

+
+    hash = String(begin + 1, position - begin - 1);

[abarth-chromium, 2013/10/22 17:46:49]

Why begin + 1 rather than hashBegin?  I would have thought that |hash| would be
the base64 encoded hash value with the prefix stripped off.  Here you're
including the prefix.

I see, you're including the tag in the hash.  Maybe we should use a different
name for the variable?  Perhaps tagAndHash?

Also, there's something odd that happens if the site supplies something like
'SHA1-oisnf3n30we498...'.  You're using a case-insensitive comparison on like
544, but then on line 1707 you always use a lower case tag.  That means
uppercase tags will never match.

Rather than trying to encode the hash function in-band in the string, I'd
recommending using a data structure.  Instead of storing a string in the
HashSet, we can store a struct that contains the enum value for the hash
function and a string corresponding to the hash value.  We can even use a
Vector<uint8_t> to store the hash value decoded so we don't have any trouble
with canonicalizing the base64 encoding.  That will give us a much more directly
internal representation.

[jww, 2013/10/28 19:36:23]

Hashes are now stored as a struct that contain the hash function used and a bit
vector of the hash value.

+    return true;
+}
+
 //                     ; <scheme> production from RFC 3986
 // scheme      = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
 //
 bool CSPSourceList::parseScheme(const UChar* begin, const UChar* end, String& scheme)
 {
     ASSERT(begin <= end);
     ASSERT(scheme.isEmpty());
 
     if (begin == end)
         return false;
@@ skipping 122 matching lines @@
 void CSPSourceList::addSourceUnsafeEval()
 {
     m_allowEval = true;
 }
 
 void CSPSourceList::addSourceNonce(const String& nonce)
 {
     m_nonces.add(nonce);
 }
 
+void CSPSourceList::addSourceHash(const String& hash, const ContentSecurityPolicy::HashFunctions& hashFunction)
+{
+    m_hashes.add(hash);
+    m_hashFunctionsUsed |= hashFunction;
+}
+
 class CSPDirective {
 public:
     CSPDirective(const String& name, const String& value, ContentSecurityPolicy* policy)
         : m_name(name)
         , m_text(name + ' ' + value)
         , m_policy(policy)
     {
     }
 
     const String& text() const { return m_text; }
@@ skipping 96 matching lines @@
     }
 
     bool allows(const KURL& url)
     {
         return m_sourceList.matches(url.isEmpty() ? policy()->url() : url);
     }
 
     bool allowInline() const { return m_sourceList.allowInline(); }
     bool allowEval() const { return m_sourceList.allowEval(); }
     bool allowNonce(const String& nonce) const { return m_sourceList.allowNonce(nonce.stripWhiteSpace()); }
+    bool allowHash(const String& hash) const { return m_sourceList.allowHash(hash); }
+
+    uint8_t getHashFunctionsUsed() const { return m_sourceList.getHashFunctionsUsed(); }
 
 private:
     CSPSourceList m_sourceList;
 };
 
 class CSPDirectiveList {
     WTF_MAKE_FAST_ALLOCATED;
 public:
     static PassOwnPtr<CSPDirectiveList> create(ContentSecurityPolicy*, const UChar* begin, const UChar* end, ContentSecurityPolicy::HeaderType);
 
@@ skipping 14 matching lines @@
     bool allowChildFrameFromSource(const KURL&, ContentSecurityPolicy::ReportingStatus) const;
     bool allowImageFromSource(const KURL&, ContentSecurityPolicy::ReportingStatus) const;
     bool allowStyleFromSource(const KURL&, ContentSecurityPolicy::ReportingStatus) const;
     bool allowFontFromSource(const KURL&, ContentSecurityPolicy::ReportingStatus) const;
     bool allowMediaFromSource(const KURL&, ContentSecurityPolicy::ReportingStatus) const;
     bool allowConnectToSource(const KURL&, ContentSecurityPolicy::ReportingStatus) const;
     bool allowFormAction(const KURL&, ContentSecurityPolicy::ReportingStatus) const;
     bool allowBaseURI(const KURL&, ContentSecurityPolicy::ReportingStatus) const;
     bool allowScriptNonce(const String&) const;
     bool allowStyleNonce(const String&) const;
+    bool allowScriptHash(const String&) const;
 
     void gatherReportURIs(DOMStringList&) const;
     const String& evalDisabledErrorMessage() const { return m_evalDisabledErrorMessage; }
     ReflectedXSSDisposition reflectedXSSDisposition() const { return m_reflectedXSSDisposition; }
     bool isReportOnly() const { return m_reportOnly; }
     const Vector<KURL>& reportURIs() const { return m_reportURIs; }
 
 private:
     CSPDirectiveList(ContentSecurityPolicy*, ContentSecurityPolicy::HeaderType);
 
     bool parseDirective(const UChar* begin, const UChar* end, String& name, String& value);
     void parseReportURI(const String& name, const String& value);
     void parsePluginTypes(const String& name, const String& value);
     void parseReflectedXSS(const String& name, const String& value);
     void addDirective(const String& name, const String& value);
     void applySandboxPolicy(const String& name, const String& sandboxPolicy);
 
     template <class CSPDirectiveType>
     void setCSPDirective(const String& name, const String& value, OwnPtr<CSPDirectiveType>&);
 
     SourceListDirective* operativeDirective(SourceListDirective*) const;
     void reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL) const;
     void reportViolationWithLocation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const String& contextURL, const WTF::OrdinalNumber& contextLine) const;
     void reportViolationWithState(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, ScriptState*) const;
 
     bool checkEval(SourceListDirective*) const;
     bool checkInline(SourceListDirective*) const;
     bool checkNonce(SourceListDirective*, const String&) const;
+    bool checkHash(SourceListDirective*, const String&) const;
     bool checkSource(SourceListDirective*, const KURL&) const;
     bool checkMediaType(MediaListDirective*, const String& type, const String& typeAttribute) const;
 
     void setEvalDisabledErrorMessage(const String& errorMessage) { m_evalDisabledErrorMessage = errorMessage; }
 
     bool checkEvalAndReportViolation(SourceListDirective*, const String& consoleMessage, ScriptState*) const;
     bool checkInlineAndReportViolation(SourceListDirective*, const String& consoleMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine, bool isScript) const;
 
     bool checkSourceAndReportViolation(SourceListDirective*, const KURL&, const String& effectiveDirective) const;
     bool checkMediaTypeAndReportViolation(MediaListDirective*, const String& type, const String& typeAttribute, const String& consoleMessage) const;
@@ skipping 82 matching lines @@
 bool CSPDirectiveList::checkInline(SourceListDirective* directive) const
 {
     return !directive || directive->allowInline();
 }
 
 bool CSPDirectiveList::checkNonce(SourceListDirective* directive, const String& nonce) const
 {
     return !directive || directive->allowNonce(nonce);
 }
 
+bool CSPDirectiveList::checkHash(SourceListDirective* directive, const String& hash) const
+{
+    return !directive || directive->allowHash(hash);
+}
+
 bool CSPDirectiveList::checkSource(SourceListDirective* directive, const KURL& url) const
 {
     return !directive || directive->allows(url);
 }
 
 bool CSPDirectiveList::checkMediaType(MediaListDirective* directive, const String& type, const String& typeAttribute) const
 {
     if (!directive)
         return true;
     if (typeAttribute.isEmpty() || typeAttribute.stripWhiteSpace() != type)
@@ skipping 225 matching lines @@
 bool CSPDirectiveList::allowScriptNonce(const String& nonce) const
 {
     return checkNonce(operativeDirective(m_scriptSrc.get()), nonce);
 }
 
 bool CSPDirectiveList::allowStyleNonce(const String& nonce) const
 {
     return checkNonce(operativeDirective(m_styleSrc.get()), nonce);
 }
 
+bool CSPDirectiveList::allowScriptHash(const String& hash) const
+{
+    return checkHash(operativeDirective(m_scriptSrc.get()), hash);
+}
+
 // policy            = directive-list
 // directive-list    = [ directive *( ";" [ directive ] ) ]
 //
 void CSPDirectiveList::parse(const UChar* begin, const UChar* end)
 {
     m_header = String(begin, end - begin);
 
     if (begin == end)
         return;
 
@@ skipping 163 matching lines @@
     // value1 value2
     //        ^
     m_reflectedXSSDisposition = ReflectedXSSInvalid;
     m_policy->reportInvalidReflectedXSS(value);
 }
 
 void CSPDirectiveList::addDirective(const String& name, const String& value)
 {
     ASSERT(!name.isEmpty());
 
-    if (equalIgnoringCase(name, defaultSrc))
+    if (equalIgnoringCase(name, defaultSrc)) {
         setCSPDirective<SourceListDirective>(name, value, m_defaultSrc);
-    else if (equalIgnoringCase(name, scriptSrc))
+    } else if (equalIgnoringCase(name, scriptSrc)) {
         setCSPDirective<SourceListDirective>(name, value, m_scriptSrc);
-    else if (equalIgnoringCase(name, objectSrc))
+        m_policy->usesScriptHashFunctions(m_scriptSrc->getHashFunctionsUsed());
+    } else if (equalIgnoringCase(name, objectSrc)) {
         setCSPDirective<SourceListDirective>(name, value, m_objectSrc);
-    else if (equalIgnoringCase(name, frameSrc))
+    } else if (equalIgnoringCase(name, frameSrc)) {
         setCSPDirective<SourceListDirective>(name, value, m_frameSrc);
-    else if (equalIgnoringCase(name, imgSrc))
+    } else if (equalIgnoringCase(name, imgSrc)) {
         setCSPDirective<SourceListDirective>(name, value, m_imgSrc);
-    else if (equalIgnoringCase(name, styleSrc))
+    } else if (equalIgnoringCase(name, styleSrc)) {
         setCSPDirective<SourceListDirective>(name, value, m_styleSrc);
-    else if (equalIgnoringCase(name, fontSrc))
+    } else if (equalIgnoringCase(name, fontSrc)) {
         setCSPDirective<SourceListDirective>(name, value, m_fontSrc);
-    else if (equalIgnoringCase(name, mediaSrc))
+    } else if (equalIgnoringCase(name, mediaSrc)) {
         setCSPDirective<SourceListDirective>(name, value, m_mediaSrc);
-    else if (equalIgnoringCase(name, connectSrc))
+    } else if (equalIgnoringCase(name, connectSrc)) {
         setCSPDirective<SourceListDirective>(name, value, m_connectSrc);
-    else if (equalIgnoringCase(name, sandbox))
+    } else if (equalIgnoringCase(name, sandbox)) {
         applySandboxPolicy(name, value);
-    else if (equalIgnoringCase(name, reportURI))
+    } else if (equalIgnoringCase(name, reportURI)) {
         parseReportURI(name, value);
-    else if (m_policy->experimentalFeaturesEnabled()) {
+    } else if (m_policy->experimentalFeaturesEnabled()) {
         if (equalIgnoringCase(name, baseURI))
             setCSPDirective<SourceListDirective>(name, value, m_baseURI);
         else if (equalIgnoringCase(name, formAction))
             setCSPDirective<SourceListDirective>(name, value, m_formAction);
         else if (equalIgnoringCase(name, pluginTypes))
             setCSPDirective<MediaListDirective>(name, value, m_pluginTypes);
         else if (equalIgnoringCase(name, reflectedXSS))
             parseReflectedXSS(name, value);
         else
             m_policy->reportUnsupportedDirective(name);
+    } else {
+        m_policy->reportUnsupportedDirective(name);
     }
-    else
-        m_policy->reportUnsupportedDirective(name);
 }
 
 ContentSecurityPolicy::ContentSecurityPolicy(ExecutionContext* executionContext)
     : m_executionContext(executionContext)
     , m_overrideInlineStyleAllowed(false)
+    , m_sourceHashFunctionsUsed(HashFunctionsNone)
 {
 }
 
 ContentSecurityPolicy::~ContentSecurityPolicy()
 {
 }
 
 void ContentSecurityPolicy::copyStateFrom(const ContentSecurityPolicy* other)
 {
     ASSERT(m_policies.isEmpty());
@@ skipping 105 matching lines @@
 
 template<bool (CSPDirectiveList::*allowed)(const String&) const>
 bool isAllowedByAllWithNonce(const CSPDirectiveListVector& policies, const String& nonce)
 {
     for (size_t i = 0; i < policies.size(); ++i) {
         if (!(policies[i].get()->*allowed)(nonce))
             return false;
     }
     return true;
 }
+
+template<bool (CSPDirectiveList::*allowed)(const String&) const>
+bool isAllowedByAllWithHash(const CSPDirectiveListVector& policies, const String& hash)
+{
+    for (size_t i = 0; i < policies.size(); ++i) {
+        if (!(policies[i].get()->*allowed)(hash))
+            return false;
+    }
+    return true;
+}
+
 template<bool (CSPDirectiveList::*allowFromURL)(const KURL&, ContentSecurityPolicy::ReportingStatus) const>
 bool isAllowedByAllWithURL(const CSPDirectiveListVector& policies, const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus)
 {
     if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol()))
         return true;
 
     for (size_t i = 0; i < policies.size(); ++i) {
         if (!(policies[i].get()->*allowFromURL)(url, reportingStatus))
             return false;
     }
@@ skipping 53 matching lines @@
 bool ContentSecurityPolicy::allowScriptNonce(const String& nonce) const
 {
     return isAllowedByAllWithNonce<&CSPDirectiveList::allowScriptNonce>(m_policies, nonce);
 }
 
 bool ContentSecurityPolicy::allowStyleNonce(const String& nonce) const
 {
     return isAllowedByAllWithNonce<&CSPDirectiveList::allowStyleNonce>(m_policies, nonce);
 }
 
+bool ContentSecurityPolicy::allowScriptHash(const String& source) const
+{
+    DEFINE_STATIC_LOCAL(const String, sha1Prefix, ("sha1-"));
+
+    // TODO(jww) We don't currently have a WTF SHA256 implementation. Once we
+    // have that, we should implement a proper check for sha256 hash values here.
+    if (HashFunctionsSha1 & m_sourceHashFunctionsUsed) {
+        SHA1 sourceSha1;
+        sourceSha1.addBytes(UTF8Encoding().normalizeAndEncode(source, WTF::EntitiesForUnencodables));
+        Vector<uint8_t, 20> digest;
+        sourceSha1.computeHash(digest);
+
+        StringBuilder hash;
+        hash.reserveCapacity(sha1Prefix.length() + digest.size());
+        hash.append(sha1Prefix);
+        hash.append(base64Encode(reinterpret_cast<char*>(digest.data()), digest.size()));

[abarth-chromium, 2013/10/22 17:46:49]

What about the trailing = characters?  Do we need to canonicalize the base64
encoding at all?  For example, maybe we should strip off the trailing =?  Maybe
we should require them to be present?

[jww, 2013/10/28 19:36:23]

Addressed by other changes (now storing the hash as a bit vector).

+        if (isAllowedByAllWithHash<&CSPDirectiveList::allowScriptHash>(m_policies, hash.toString()))
+            return true;
+    }
+
+    return false;
+}
+
+void ContentSecurityPolicy::usesScriptHashFunctions(uint8_t hashFunctions)
+{
+    m_sourceHashFunctionsUsed |= hashFunctions;
+}
+
 bool ContentSecurityPolicy::allowObjectFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
     return isAllowedByAllWithURL<&CSPDirectiveList::allowObjectFromSource>(m_policies, url, reportingStatus);
 }
 
 bool ContentSecurityPolicy::allowChildFrameFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
     return isAllowedByAllWithURL<&CSPDirectiveList::allowChildFrameFromSource>(m_policies, url, reportingStatus);
 }
 
@@ skipping 234 matching lines @@
 {
     ASSERT(invalidChar == '#' || invalidChar == '?');
 
     String ignoring = "The fragment identifier, including the '#', will be ignored.";
     if (invalidChar == '?')
         ignoring = "The query component, including the '?', will be ignored.";
     String message = "The source list for Content Security Policy directive '" + directiveName + "' contains a source with an invalid path: '" + value + "'. " + ignoring;
     logToConsole(message);
 }
 
-void ContentSecurityPolicy::reportInvalidNonce(const String& nonce) const
-{
-    String message = "Ignoring invalid Content Security Policy script nonce: '" + nonce + "'.\n";
-    logToConsole(message);
-}
-
 void ContentSecurityPolicy::reportInvalidSourceExpression(const String& directiveName, const String& source) const
 {
     String message = "The source list for Content Security Policy directive '" + directiveName + "' contains an invalid source: '" + source + "'. It will be ignored.";
     if (equalIgnoringCase(source, "'none'"))
         message = message + " Note that 'none' has no effect unless it is the only expression in the source list.";
     logToConsole(message);
 }
 
 void ContentSecurityPolicy::reportMissingReportURI(const String& policy) const
 {
@@ skipping 30 matching lines @@
     // Collisions have no security impact, so we can save space by storing only the string's hash rather than the whole report.
     return !m_violationReportsSent.contains(report.impl()->hash());
 }
 
 void ContentSecurityPolicy::didSendViolationReport(const String& report)
 {
     m_violationReportsSent.add(report.impl()->hash());
 }
 
 } // namespace WebCore