@@ -429,7 +429,9 @@ <h4>Source List</h4>
429429host-source = [ scheme "://" ] host [ port ] [ path ]
430430keyword-source = "'self'" / "'unsafe-inline'" / "'unsafe-eval'"
431431base64-value = 1*( ALPHA / DIGIT / "+" / "/" )*2( "=" )
432- nonce-source = "'nonce-" base64-value "'"
432+ nonce-value = base64-value
433+ hash-value = base64-value
434+ nonce-source = "'nonce-" nonce-value "'"
433435hash-algo = "sha256" / "sha384" / "sha512"
434436hash-source = "'" hash-algo "-" base64-value "'"
435437scheme = <scheme production from < a href ="http://tools.ietf.org/html/rfc3986#section-3.1 "> RFC 3986, section 3.1</ a > >
@@ -700,13 +702,18 @@ <h5>Valid Hashes</h5>
700702 < a href ="http://csrc.nist.gov/groups/STM/cavp/documents/shs/sha256-384-512.pdf "> defined by the NIST</ a > )
701703 </ li >
702704 < li > Let < var > expected</ var > be the < code > hash-value</ code > component of < var > hash</ var > .</ li >
703- < li > If the < a href ="#dfn-digest-of-an-elements-contents "> < var > algorithm</ var >
704- digest of < var > element</ var > 's contents</ a > is a case-insensitive match for
705+ < li > Let < var > actual</ var > be the < a href ="http://tools.ietf.org/html/rfc4648#section-4 "> base64 encoding</ a > of
706+ the binary < a href ="#dfn-digest-of-an-elements-contents "> < var > algorithm</ var > digest of < var > element</ var > 's
707+ contents</ a > .</ li >
708+ < li > If < var > actual</ var > is a case-sensitive match for
705709 < var > expected</ var > , return true and abort these steps.</ li >
706710 </ ol >
707711 </ li >
708712 < li > Return false.</ li >
709713 </ ol >
714+
715+ < p > If the user agent fails to match < code > hash-value</ code > , the user agent SHOULD report a warning message in the developer console
716+ containing the < var > actual</ var > hash value.</ p >
710717 </ section >
711718
712719 < section >
0 commit comments