Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(526)

Unified Diff: third_party/WebKit/Source/core/loader/FrameLoader.cpp

Issue 2896833002: Added validation of the policy specified in the 'csp' attribute (Closed)
Patch Set: Code Review suggestions Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/core/loader/FrameLoader.cpp
diff --git a/third_party/WebKit/Source/core/loader/FrameLoader.cpp b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
index b13748ddc5ff7272492da1bd0516391cd35a218b..8eb7392c94cadf0a67b6dc1c03542826373e35d6 100644
--- a/third_party/WebKit/Source/core/loader/FrameLoader.cpp
+++ b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
@@ -1571,8 +1571,7 @@ void FrameLoader::ModifyRequestForCSP(ResourceRequest& resource_request,
Document* document) const {
if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() &&
!RequiredCSP().IsEmpty()) {
- // TODO(amalika): Strengthen this DCHECK that requiredCSP has proper format
- DCHECK(RequiredCSP().GetString().ContainsOnlyASCII());
+ DCHECK(ContentSecurityPolicy::IsValidCSPAttr(RequiredCSP().GetString()));
resource_request.SetHTTPHeaderField(HTTPNames::Required_CSP, RequiredCSP());
}
« no previous file with comments | « third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698