Diffstat (limited to 'chromium/third_party/blink/renderer')
-rw-r--r--chromium/third_party/blink/renderer/core/html/html_iframe_element.cc17
1 files changed, 14 insertions, 3 deletions
diff --git a/chromium/third_party/blink/renderer/core/html/html_iframe_element.cc b/chromium/third_party/blink/renderer/core/html/html_iframe_element.cc
index 8c8455006dd..8cf9d0387c5 100644
--- a/chromium/third_party/blink/renderer/core/html/html_iframe_element.cc
+++ b/chromium/third_party/blink/renderer/core/html/html_iframe_element.cc
@@ -234,16 +234,27 @@ void HTMLIFrameElement::ParseAttribute(
}
} else if (name == html_names::kCspAttr) {
if (base::FeatureList::IsEnabled(network::features::kOutOfBlinkCSPEE)) {
+ static const size_t kMaxLengthCSPAttribute = 4096;
if (value.Contains('\n') || value.Contains('\r') ||
!MatchesTheSerializedCSPGrammar(value.GetString())) {
+ // TODO(antoniosartori): It would be safer to block loading iframes with
+ // invalid 'csp' attribute.
required_csp_ = g_null_atom;
GetDocument().AddConsoleMessage(MakeGarbageCollected<ConsoleMessage>(
mojom::blink::ConsoleMessageSource::kOther,
mojom::blink::ConsoleMessageLevel::kError,
"'csp' attribute is invalid: " + value));
- return;
- }
- if (required_csp_ != value) {
+ } else if (value && value.length() > kMaxLengthCSPAttribute) {
+ // TODO(antoniosartori): It would be safer to block loading iframes with
+ // invalid 'csp' attribute.
+ required_csp_ = g_null_atom;
+ GetDocument().AddConsoleMessage(MakeGarbageCollected<ConsoleMessage>(
+ mojom::blink::ConsoleMessageSource::kOther,
+ mojom::blink::ConsoleMessageLevel::kError,
+ String::Format("'csp' attribute too long. The max length for the "
+ "'csp' attribute is %zu bytes.",
+ kMaxLengthCSPAttribute)));
+ } else if (required_csp_ != value) {
required_csp_ = value;
CSPAttributeChanged();
UseCounter::Count(GetDocument(), WebFeature::kIFrameCSPAttribute);
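Review bot: Both rejection branches (the grammar failure and the new `value.length() > kMaxLengthCSPAttribute` case) set `required_csp_ = g_null_atom` but never call `CSPAttributeChanged()`. If the iframe previously held a valid `csp` value, whatever that call propagates would presumably keep the old policy while the element now holds none; this is inferred, since `CSPAttributeChanged()` is defined outside the hunk. Consider notifying on reset as well, e.g. `if (required_csp_ != g_null_atom) { required_csp_ = g_null_atom; CSPAttributeChanged(); }`, and sharing that reset between the two branches instead of duplicating it. Separately, the new branch guards with `value &&` while the first condition passes `value.GetString()` to `MatchesTheSerializedCSPGrammar` unguarded, so it is worth confirming that removing the attribute (null value) does not log a spurious "invalid" error. `ParseAttribute` starts and ends outside this hunk.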