diff --git a/dom/security/nsCSPParser.cpp b/dom/security/nsCSPParser.cpp index 1f6de5e02cf4..d894209f6147 100644 --- a/dom/security/nsCSPParser.cpp +++ b/dom/security/nsCSPParser.cpp @@ -1171,6 +1171,10 @@ nsCSPParser::directive() return; } + if (CSP_IsEmptyDirective(mCurValue, mCurToken)) { + return; + } + // Try to create a new CSPDirective nsCSPDirective* cspDir = directiveName(); if (!cspDir) { diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp index 1149b71387f0..54d43898a66e 100644 --- a/dom/security/nsCSPUtils.cpp +++ b/dom/security/nsCSPUtils.cpp @@ -307,6 +307,12 @@ CSP_CreateHostSrcFromSelfURI(nsIURI* aSelfURI) return hostsrc; } +bool +CSP_IsEmptyDirective(const nsAString& aValue, const nsAString& aDir) +{ + return (aDir.Length() == 0 && + aValue.Length() == 0); +} bool CSP_IsValidDirective(const nsAString& aDir) { diff --git a/dom/security/nsCSPUtils.h b/dom/security/nsCSPUtils.h index b7cd3a9a68aa..e7ec73ad5a4b 100644 --- a/dom/security/nsCSPUtils.h +++ b/dom/security/nsCSPUtils.h @@ -211,6 +211,7 @@ nsresult CSP_AppendCSPFromHeader(nsIContentSecurityPolicy* aCsp, class nsCSPHostSrc; nsCSPHostSrc* CSP_CreateHostSrcFromSelfURI(nsIURI* aSelfURI); +bool CSP_IsEmptyDirective(const nsAString& aValue, const nsAString& aDir); bool CSP_IsValidDirective(const nsAString& aDir); bool CSP_IsDirective(const nsAString& aValue, CSPDirective aDir); bool CSP_IsKeyword(const nsAString& aValue, enum CSPKeyword aKey); diff --git a/dom/security/test/csp/file_empty_directive.html b/dom/security/test/csp/file_empty_directive.html new file mode 100644 index 000000000000..16196bb19f48 --- /dev/null +++ b/dom/security/test/csp/file_empty_directive.html @@ -0,0 +1,11 @@ + + +
+ ++ + ++ +