CSP2: Fix the source hash example.

w3c · Oct 27, 2014 · 19b3773 · 19b3773
1 parent 802cc29
commit 19b3773
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 3 deletions.
diff --git a/specs/content-security-policy/index.html b/specs/content-security-policy/index.html
@@ -2926,8 +2926,17 @@ <h4 class="heading settled" data-level=7.17.2 id=script-src-hash-usage><span cla
 <p>Each inline script block’s contents are hashed, and compared against
       the whitelisted value. If there’s a match, the script is executed. For
       example, the SHA-256 digest of <code>alert('Hello, world.');</code> is
-      <code>YWIzOWNiNzJjNDRlYzc4MTgwMDhmZDlkOWI0NTAyMjgyY2MyMWJlMWUyNjc1ODJlYWJhNjU5MGU4NmZmNGU3OAo=</code>.
-      If the server sent the following header:</p>
+      <code>qznLcsROx4GACP2dm0UCKCzCG+HiZ1guq6ZZDob/Tng=</code>.</p>
+
+      <div class=example>
+        You can obtain the digest of a string on the command line simply
+        via the <code>openssl</code> program. For example:
+
+        <pre>echo -n "alert('Hello, world');" | openssl dgst -sha256 -binary | openssl enc -base64
+</pre>
+      </div>
+
+<p>If the server sent the following header:</p>
 
       <pre>Content-Security-Policy: <a data-link-type=dfn href=#script-src title=script-src>script-src</a> 'sha256-YWIzOWNiNzJjNDRlYzc4MTgwMDhmZDlkOWI0NTAyMjgyY2MyMWJlMWUyNjc1ODJlYWJhNjU5MGU4NmZmNGU3OAo='
 </pre>

diff --git a/specs/content-security-policy/index.src.html b/specs/content-security-policy/index.src.html
@@ -2912,7 +2912,17 @@ <h4 id="script-src-hash-usage">
       Each inline script block's contents are hashed, and compared against
       the whitelisted value. If there's a match, the script is executed. For
       example, the SHA-256 digest of <code>alert('Hello, world.');</code> is
-      <code>YWIzOWNiNzJjNDRlYzc4MTgwMDhmZDlkOWI0NTAyMjgyY2MyMWJlMWUyNjc1ODJlYWJhNjU5MGU4NmZmNGU3OAo=</code>.
+      <code>qznLcsROx4GACP2dm0UCKCzCG+HiZ1guq6ZZDob/Tng=</code>.
+
+      <div class="example">
+        You can obtain the digest of a string on the command line simply
+        via the <code>openssl</code> program. For example:
+
+        <pre>
+          echo -n "alert('Hello, world');" | openssl dgst -sha256 -binary | openssl enc -base64
+        </pre>
+      </div>
+
       If the server sent the following header:
 
       <pre>