From a90a5cba08fdf6c0ceb95101c275108a152a3aed Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Wed, 12 Jun 2024 07:35:37 +0200
Subject: Merging upstream version 127.0.
Signed-off-by: Daniel Baumann
---
 dom/security/FramingChecker.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'dom/security/FramingChecker.cpp')
diff --git a/dom/security/FramingChecker.cpp b/dom/security/FramingChecker.cpp
index ecd7a6863e..bee587e701 100644
--- a/dom/security/FramingChecker.cpp
+++ b/dom/security/FramingChecker.cpp
@@ -151,6 +151,8 @@ bool FramingChecker::CheckFrameOptions(nsIChannel* aChannel,
 return true;
 }
+ static const char kASCIIWhitespace[] = "\t ";
+
 // Step 3-4. reduce the header options to a unique set and count how many
 // unique values (that we track) are encountered. this avoids using a set to
 // stop attackers from inheriting arbitrary values in memory and reduce the
@@ -158,7 +160,7 @@ bool FramingChecker::CheckFrameOptions(nsIChannel* aChannel,
 XFOHeader xfoOptions;
 for (const nsACString& next : xfoHeaderValue.Split(',')) {
 nsAutoCString option(next);
- option.StripWhitespace();
+ option.Trim(kASCIIWhitespace);
 if (option.LowerCaseEqualsLiteral("allowall")) {
 xfoOptions.ALLOWALL = true;
--
cgit v1.2.3
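Review bot: The constant added in the first hunk is named `kASCIIWhitespace` but contains only tab and space, while "ASCII whitespace" in the WHATWG Infra sense also covers LF, FF and CR. A reader who trusts the name will assume those characters are trimmed from each X-Frame-Options token when they are not. Either rename it to say what it holds (for example `kHTTPTabOrSpace`) or add a comment such as `// Only tab and space are trimmed; CR, LF and FF stay in the option and will not match.` The body of CheckFrameOptions starts and ends outside this hunk.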
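Review bot: Replacing `StripWhitespace()` with `Trim(kASCIIWhitespace)` in the second hunk narrows which header values are recognised, and nothing at the call site records that this is intended. Whitespace inside an option is no longer removed, so a value like `allow all` stops comparing equal to `allowall`. How an unrecognised option is handled lies outside this hunk, so it cannot be seen here whether such a header is then ignored, which would leave the response frameable. A why-comment on the new line would help, for example `// Trim only leading/trailing tab and space; interior whitespace makes the option invalid.` A regression test with padded, interior-whitespace and comma-separated values would pin the enforcement outcome.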