Diffstat (limited to 'chromium/third_party/blink/renderer')
-rw-r--r-- | chromium/third_party/blink/renderer/core/html/html_iframe_element.cc | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/chromium/third_party/blink/renderer/core/html/html_iframe_element.cc b/chromium/third_party/blink/renderer/core/html/html_iframe_element.cc
index 8c8455006dd..8cf9d0387c5 100644
--- a/chromium/third_party/blink/renderer/core/html/html_iframe_element.cc
+++ b/chromium/third_party/blink/renderer/core/html/html_iframe_element.cc
@@ -234,16 +234,27 @@ void HTMLIFrameElement::ParseAttribute(
 }
 } else if (name == html_names::kCspAttr) {
 if (base::FeatureList::IsEnabled(network::features::kOutOfBlinkCSPEE)) {
+ static const size_t kMaxLengthCSPAttribute = 4096;
 if (value.Contains('\n') || value.Contains('\r') ||
 !MatchesTheSerializedCSPGrammar(value.GetString())) {
+ // TODO(antoniosartori): It would be safer to block loading iframes with
+ // invalid 'csp' attribute.
 required_csp_ = g_null_atom;
 GetDocument().AddConsoleMessage(MakeGarbageCollected<ConsoleMessage>(
 mojom::blink::ConsoleMessageSource::kOther,
 mojom::blink::ConsoleMessageLevel::kError,
 "'csp' attribute is invalid: " + value));
- return;
- }
- if (required_csp_ != value) {
+ } else if (value && value.length() > kMaxLengthCSPAttribute) {
+ // TODO(antoniosartori): It would be safer to block loading iframes with
+ // invalid 'csp' attribute.
+ required_csp_ = g_null_atom;
+ GetDocument().AddConsoleMessage(MakeGarbageCollected<ConsoleMessage>(
+ mojom::blink::ConsoleMessageSource::kOther,
+ mojom::blink::ConsoleMessageLevel::kError,
+ String::Format("'csp' attribute too long. The max length for the "
+ "'csp' attribute is %zu bytes.",
+ kMaxLengthCSPAttribute)));
+ } else if (required_csp_ != value) {
 required_csp_ = value;
 CSPAttributeChanged();
 UseCounter::Count(GetDocument(), WebFeature::kIFrameCSPAttribute); |
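Review bot: The new length limit is tested only after `MatchesTheSerializedCSPGrammar(value.GetString())` has run, so an over-long attribute is still matched in full, and one that also fails the grammar is handled by the first branch, which appends the entire value to the console message. Testing the length first bounds both: make the opening condition `if (value.length() > kMaxLengthCSPAttribute) {` and move the newline/grammar test into the following `else if`. The `value &&` guard looks redundant if `length()` returns 0 for a null string (please confirm), and the message says "bytes" although `length()` counts characters. Both error branches reset `required_csp_` without calling `CSPAttributeChanged()`; that callee is outside the hunk, so it is worth confirming that a previously propagated policy is neither left stale nor silently dropped when a valid attribute is replaced by a rejected one. ParseAttribute begins and ends outside this hunk, so what runs after the removed `return;` could not be checked here.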