Add schema chrome-extension-resource:// for extension resources

chrome/common/extensions/csp_validator.cc

Index: chrome/common/extensions/csp_validator.cc
diff --git a/chrome/common/extensions/csp_validator.cc b/chrome/common/extensions/csp_validator.cc
index e80468b8e5b878410d023b5537d36e1d2a291ed8..40ce5301ac1fe2ae9e965a7c143d1df76718bf1f 100644
--- a/chrome/common/extensions/csp_validator.cc
+++ b/chrome/common/extensions/csp_validator.cc
@@ -43,7 +43,8 @@ bool HasOnlySecureTokens(StringTokenizer& tokenizer) {
         source == "'none'" ||
         StartsWithASCII(source, "https://", true) ||
         StartsWithASCII(source, "chrome://", true) ||
-        StartsWithASCII(source, "chrome-extension://", true)) {
+        StartsWithASCII(source, "chrome-extension://", true) ||
+        StartsWithASCII(source, "chrome-extension-resource://", true)) {

[abarth-chromium, 2012/04/11 20:15:33]

I can haz unit test?

[abarth-chromium, 2012/04/11 20:18:16]

Note: If an extension uses chrome-extension-resource in its CSP policy, older
versions of Chrome will reject the extension because it won't validate.

[Peng, 2012/04/11 20:23:51]

I will test it.

[Peng, 2012/04/11 20:23:51]

That could be a problem. Any idea?

Maybe make the new scheme in the default CSP policy? Because  those libraries
are for extensions, it is not very necessary to limit it.

       continue;
     }