Do not allow newlines in CSP rules

2023-10-18 13:53:21 +02:00
parent 1f8c55f536
commit 37a6e60e90
1 changed files with 1 additions and 1 deletions
--- a/src/apps.js
+++ b/src/apps.js
@@ -441,8 +441,8 @@ function validateCsp(csp) {
    if (csp === null) return null;

    if (csp.length > 4096) return new BoxError(BoxError.BAD_FIELD, 'CSP must be less than 4096');
-
    if (csp.includes('"')) return new BoxError(BoxError.BAD_FIELD, 'CSP cannot contains double quotes');
+    if (csp.includes('\n')) return new BoxError(BoxError.BAD_FIELD, 'CSP cannot contain newlines');

    return null;
 }