Merging upstream version 127.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-06-12 05:35:37 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-06-12 05:35:37 +0000
commit: a90a5cba08fdf6c0ceb95101c275108a152a3aed (patch)
tree: 532507288f3defd7f4dcf1af49698bcb76034855 /dom/security/FramingChecker.cpp
parent: Adding debian version 126.0.1-1. (diff)
download: firefox-a90a5cba08fdf6c0ceb95101c275108a152a3aed.tar.xz
firefox-a90a5cba08fdf6c0ceb95101c275108a152a3aed.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/dom/security/FramingChecker.cpp b/dom/security/FramingChecker.cpp
index ecd7a6863e..bee587e701 100644
--- a/dom/security/FramingChecker.cpp
+++ b/dom/security/FramingChecker.cpp
@@ -151,6 +151,8 @@ bool FramingChecker::CheckFrameOptions(nsIChannel* aChannel,
     return true;
   }
 
+  static const char kASCIIWhitespace[] = "\t ";
+
   // Step 3-4. reduce the header options to a unique set and count how many
   // unique values (that we track) are encountered. this avoids using a set to
   // stop attackers from inheriting arbitrary values in memory and reduce the
@@ -158,7 +160,7 @@ bool FramingChecker::CheckFrameOptions(nsIChannel* aChannel,
   XFOHeader xfoOptions;
   for (const nsACString& next : xfoHeaderValue.Split(',')) {
     nsAutoCString option(next);
-    option.StripWhitespace();
+    option.Trim(kASCIIWhitespace);
 
     if (option.LowerCaseEqualsLiteral("allowall")) {
       xfoOptions.ALLOWALL = true;
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-06-12 05:35:37 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-06-12 05:35:37 +0000
commit	a90a5cba08fdf6c0ceb95101c275108a152a3aed (patch)
tree	532507288f3defd7f4dcf1af49698bcb76034855 /dom/security/FramingChecker.cpp
parent	Adding debian version 126.0.1-1. (diff)
download	firefox-a90a5cba08fdf6c0ceb95101c275108a152a3aed.tar.xz firefox-a90a5cba08fdf6c0ceb95101c275108a152a3aed.zip