Adding Embedding-CSP HTTP header

third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp

Index: third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
diff --git a/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp b/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
index 2735abb63182db1c6ea4ab6b382a18a4d2ad54db..bd19ff853c8aff215fc9703c273444f24058b286 100644
--- a/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
+++ b/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
@@ -124,6 +124,14 @@ void HTMLIFrameElement::parseAttribute(const QualifiedName& name,
       m_permissions->setValue(value);
   } else if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() &&
              name == cspAttr) {
+    // TODO(amalika): add more robust validation of the value
+    if (!value.getString().containsOnlyASCII()) {
+      m_csp = nullAtom;
+      document().addConsoleMessage(ConsoleMessage::create(
+          OtherMessageSource, ErrorMessageLevel,
+          "'csp' attribute contains non-ASCII characters: " + value));
+      return;
+    }
     AtomicString oldCSP = m_csp;
     m_csp = value;
     if (m_csp != oldCSP)