Implementation of script hashes for CSP.

Source/core/frame/ContentSecurityPolicy.h

Index: Source/core/frame/ContentSecurityPolicy.h
diff --git a/Source/core/frame/ContentSecurityPolicy.h b/Source/core/frame/ContentSecurityPolicy.h
index 927d8532c99f13ba35368860272d0a835995e651..7f1f8ecefc792413e7e8f5d5832680596a35c771 100644
--- a/Source/core/frame/ContentSecurityPolicy.h
+++ b/Source/core/frame/ContentSecurityPolicy.h
@@ -102,6 +102,7 @@ public:
     bool allowBaseURI(const KURL&, ReportingStatus = SendReport) const;
     bool allowScriptNonce(const String& nonce) const;
     bool allowStyleNonce(const String& nonce) const;
+    bool allowHash(const String& source) const;

[abarth-chromium, 2013/10/17 02:28:09]

allowHash -> allowScriptHash ?  Presumably this function will look at the
script-src directive.  We'll need a separate function when we support hash
sources in style-src.

[jww, 2013/10/18 22:58:04]

Done.

 
     ReflectedXSSDisposition reflectedXSSDisposition() const;
 
@@ -114,7 +115,6 @@ public:
     void reportDuplicateDirective(const String&) const;
     void reportInvalidDirectiveValueCharacter(const String& directiveName, const String& value) const;
     void reportInvalidPathCharacter(const String& directiveName, const String& value, const char) const;
-    void reportInvalidNonce(const String&) const;
     void reportInvalidPluginTypes(const String&) const;
     void reportInvalidSandboxFlags(const String&) const;
     void reportInvalidSourceExpression(const String& directiveName, const String& source) const;