Adding Embedding-CSP HTTP header

third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp

Index: third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
diff --git a/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp b/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
index f38e945a144e2cd9e5108e8014fc5b2903312d36..e7fd2a683baa7956e1ecdcbf78d73e40ba120d3c 100644
--- a/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
+++ b/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
@@ -123,6 +123,14 @@ void HTMLIFrameElement::parseAttribute(const QualifiedName& name,
       m_permissions->setValue(value);
   } else if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() &&
              name == cspAttr) {
+    // TODO(amalika): add more robust validation of the value
+    if (!value.getString().containsOnlyASCII()) {
+      m_csp = nullAtom;
+      document().addConsoleMessage(ConsoleMessage::create(
+          OtherMessageSource, ErrorMessageLevel,
+          "'csp' attribute contains non-ASCII characters: " + value));
+      return;
+    }
     AtomicString oldCSP = m_csp;
     m_csp = value;
     if (m_csp != oldCSP)