Index: third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp |
diff --git a/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp b/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp |
index c58604cddcba2c973a70bf50e5b9cffcf2e86fa8..b403b848bc8f59979f8e9652a9d837a4ce3aff90 100644 |
--- a/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp |
+++ b/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp |
@@ -27,6 +27,7 @@ |
#include "core/CSSPropertyNames.h" |
#include "core/HTMLNames.h" |
#include "core/frame/UseCounter.h" |
+#include "core/frame/csp/CSPDirectiveList.h" |
#include "core/html/HTMLDocument.h" |
#include "core/inspector/ConsoleMessage.h" |
#include "core/layout/LayoutIFrame.h" |
@@ -145,12 +146,11 @@ void HTMLIFrameElement::ParseAttribute( |
} |
} else if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() && |
name == cspAttr) { |
- // TODO(amalika): add more robust validation of the value |
- if (!value.GetString().ContainsOnlyASCII()) { |
Mike West
2017/05/23 19:21:36
We should probably add some tests for non-ASCII ch
andypaicu
2017/05/26 14:41:09
Done
|
+ if (!CSPDirectiveList::IsValid(value.GetString())) { |
csp_ = g_null_atom; |
GetDocument().AddConsoleMessage(ConsoleMessage::Create( |
kOtherMessageSource, kErrorMessageLevel, |
- "'csp' attribute contains non-ASCII characters: " + value)); |
+ "'csp' attribute is not a valid policy: " + value)); |
return; |
} |
AtomicString old_csp = csp_; |