Added validation of the policy specified in the 'csp' attribute

third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp

Index: third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp
index 4c38b3d3b2ed4120d6e8708af392b177e99db163..a72308896497d60ffd68a418913e8c0f51f33717 100644
--- a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp
@@ -1140,4 +1140,23 @@ TEST_F(CSPDirectiveListTest, GetSourceVector) {
   }
 }
 
+TEST_F(CSPDirectiveListTest, IsValidTest) {
+  // Empty string is invalid
+  EXPECT_EQ(CSPDirectiveList::IsValid(""), false);
+
+  // Policy with single directive
+  EXPECT_EQ(CSPDirectiveList::IsValid("base-uri http://example.com"), true);
+  EXPECT_EQ(CSPDirectiveList::IsValid("invalid-policy-name http://example.com"),
+            false);
+
+  // Policy with multiple directives
+  EXPECT_EQ(CSPDirectiveList::IsValid("base-uri http://example.com 'self'; "
+                                      "child-src http://example.com; "
+                                      "default-src http://example.com"),
+            true);
+  EXPECT_EQ(CSPDirectiveList::IsValid("default-src http://example.com; "
+                                      "invalid-policy-name http://example.com"),
+            false);

[Mike West, 2017/05/23 19:21:36]

It would be nice to get a little more coverage here. Can you copy/paste some
items out of
//LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-*.html
to flesh this out with some edge cases?

Ditto for the test we're upstreaming to WPT.

[andypaicu, 2017/05/26 14:41:09]

Done. I'll do the WPT tests separately for now. Raised crbug.com/726724

+}
+
 }  // namespace blink