| Index: extensions/common/csp_validator.cc
|
| diff --git a/extensions/common/csp_validator.cc b/extensions/common/csp_validator.cc
|
| index 65edd0a3aaffb578226972e59369a15c6b7fc8e0..23af91c75787c06964b62ea5ea1ee393e6deb19d 100644
|
| --- a/extensions/common/csp_validator.cc
|
| +++ b/extensions/common/csp_validator.cc
|
| @@ -54,6 +54,12 @@ bool isNonWildcardTLD(const std::string& url,
|
| if (end_of_host == std::string::npos)
|
| end_of_host = url.size();
|
|
|
| + // A missing host such as "chrome-extension://" is invalid, but for backwards-
|
| + // compatibility, accept such CSP parts. They will be ignored by Blink anyway.
|
| + // TODO(robwu): Remove this special case once crbug.com/434773 is fixed.
|
| + if (start_of_host == end_of_host)
|
| + return true;
|
| +
|
| // Note: It is sufficient to only compare the first character against '*'
|
| // because the CSP only allows wildcards at the start of a directive, see
|
| // host-source and host-part at http://www.w3.org/TR/CSP2/#source-list-syntax
|
|
|
Chromium Code Reviews
Issue 722233004:
Accept invalid chrome-extension:// and chrome:// CSP tokens (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master