Implementation of script hashes for CSP.

Source/core/frame/ContentSecurityPolicy.h

Index: Source/core/frame/ContentSecurityPolicy.h
diff --git a/Source/core/frame/ContentSecurityPolicy.h b/Source/core/frame/ContentSecurityPolicy.h
index 927d8532c99f13ba35368860272d0a835995e651..cb59857788d6d6a8134ffc9f17d10dde84ed783e 100644
--- a/Source/core/frame/ContentSecurityPolicy.h
+++ b/Source/core/frame/ContentSecurityPolicy.h
@@ -102,6 +102,8 @@ public:
     bool allowBaseURI(const KURL&, ReportingStatus = SendReport) const;
     bool allowScriptNonce(const String& nonce) const;
     bool allowStyleNonce(const String& nonce) const;
+    bool allowScriptHash(const String& source) const;
+    bool allowStyleHash(const String& hash) const;

[Mike West, 2013/10/16 14:53:02]

source vs hash? I haven't looked at the implementations yet, but I imagine these
should be the same name.

[jww, 2013/10/16 21:49:21]

Done.

 
     ReflectedXSSDisposition reflectedXSSDisposition() const;
 
@@ -115,6 +117,7 @@ public:
     void reportInvalidDirectiveValueCharacter(const String& directiveName, const String& value) const;
     void reportInvalidPathCharacter(const String& directiveName, const String& value, const char) const;
     void reportInvalidNonce(const String&) const;
+    void reportInvalidHash(const String&) const;
     void reportInvalidPluginTypes(const String&) const;
     void reportInvalidSandboxFlags(const String&) const;
     void reportInvalidSourceExpression(const String& directiveName, const String& source) const;