diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 05:35:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 05:35:29 +0000 |
commit | 59203c63bb777a3bacec32fb8830fba33540e809 (patch) | |
tree | 58298e711c0ff0575818c30485b44a2f21bf28a0 /dom/security/FramingChecker.cpp | |
parent | Adding upstream version 126.0.1. (diff) | |
download | firefox-59203c63bb777a3bacec32fb8830fba33540e809.tar.xz firefox-59203c63bb777a3bacec32fb8830fba33540e809.zip |
Adding upstream version 127.0.upstream/127.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security/FramingChecker.cpp')
-rw-r--r-- | dom/security/FramingChecker.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/dom/security/FramingChecker.cpp b/dom/security/FramingChecker.cpp index ecd7a6863e..bee587e701 100644 --- a/dom/security/FramingChecker.cpp +++ b/dom/security/FramingChecker.cpp @@ -151,6 +151,8 @@ bool FramingChecker::CheckFrameOptions(nsIChannel* aChannel, return true; } + static const char kASCIIWhitespace[] = "\t "; + // Step 3-4. reduce the header options to a unique set and count how many // unique values (that we track) are encountered. this avoids using a set to // stop attackers from inheriting arbitrary values in memory and reduce the @@ -158,7 +160,7 @@ bool FramingChecker::CheckFrameOptions(nsIChannel* aChannel, XFOHeader xfoOptions; for (const nsACString& next : xfoHeaderValue.Split(',')) { nsAutoCString option(next); - option.StripWhitespace(); + option.Trim(kASCIIWhitespace); if (option.LowerCaseEqualsLiteral("allowall")) { xfoOptions.ALLOWALL = true; |