Implementation of script hashes for CSP.

Source/core/dom/ScriptLoader.cpp

Index: Source/core/dom/ScriptLoader.cpp
diff --git a/Source/core/dom/ScriptLoader.cpp b/Source/core/dom/ScriptLoader.cpp
index cfefea53954aafc27b1b0424aef16358fdbecc4d..8b5539f3740165843d91afc37bffe3145a9d4fcc 100644
--- a/Source/core/dom/ScriptLoader.cpp
+++ b/Source/core/dom/ScriptLoader.cpp
@@ -308,7 +308,11 @@ void ScriptLoader::executeScript(const ScriptSourceCode& sourceCode)
 
     Frame* frame = contextDocument->frame();
 
-    bool shouldBypassMainWorldContentSecurityPolicy = (frame && frame->script()->shouldBypassMainWorldContentSecurityPolicy()) || elementDocument->contentSecurityPolicy()->allowScriptNonce(m_element->fastGetAttribute(HTMLNames::nonceAttr));
+    bool frameContentSecurityPolicyBypass = frame && frame->script()->shouldBypassMainWorldContentSecurityPolicy();
+    bool allowScriptNonce = elementDocument->contentSecurityPolicy()->allowScriptNonce(m_element->fastGetAttribute(HTMLNames::nonceAttr));
+    bool allowScriptHash = elementDocument->contentSecurityPolicy()->allowScriptHash(sourceCode.source());
+
+    bool shouldBypassMainWorldContentSecurityPolicy = frameContentSecurityPolicyBypass || allowScriptNonce || allowScriptHash;

[Mike West, 2013/10/21 07:11:55]

I still think we should rename this, but a) not in this patch, b) I don't have a
brilliant idea. :)

[jww, 2013/10/21 19:18:04]

Makes sense.

 
     if (!m_isExternalScript && (!shouldBypassMainWorldContentSecurityPolicy && !elementDocument->contentSecurityPolicy()->allowInlineScript(elementDocument->url(), m_startLineNumber)))
         return;