summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--chromium/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp4
1 files changed, 4 insertions, 0 deletions
diff --git a/chromium/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/chromium/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
index 7af69e01190..1717cc51cb6 100644
--- a/chromium/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
+++ b/chromium/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
@@ -1839,6 +1839,10 @@ bool ContentSecurityPolicy::ShouldBypassContentSecurityPolicy(
// static
bool ContentSecurityPolicy::IsValidCSPAttr(const String& attr) {
+ // we don't allow any newline characters in the CSP attributes
+ if (attr.Contains('\n') || attr.Contains('\r'))
+ return false;
+
ContentSecurityPolicy* policy = ContentSecurityPolicy::Create();
policy->AddPolicyFromHeaderValue(attr,
kContentSecurityPolicyHeaderTypeEnforce,
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-11 14:00:24 +0000