PSA: Bug fix in permissions policy parser to correctly handle newlines


Ian Clelland

Jan 4, 2024, 3:33:18 PM
to blink-dev
Hello, Blink!

I'm fixing a bug in the permissions policy parser (https://crbug.com/1319389) where we currently don't (but should) allow newlines, tabs, and form feeds to separate tokens in an "allow" attribute. (We allow them basically everywhere else that spaces are allowed in HTML documents; this was an error in just the permissions policy parser.)

A quick scan of HTTP Archive shows 378 URLs that would be affected by this; in nearly every case, the attribute value is broken up with newlines after semicolons, and so the first feature after each newline is not currently recognized.

For instance, we see cases like this:
allow="accelerometer;
       autoplay; clipboard-write; encrypted-media; gyroscope;
       picture-in-picture; web-share"


In this example, "autoplay" and "picture-in-picture" would not be recognized, as a newline is currently the first non-space character after the preceding semicolon.

This bug fix will correct this to the expected working behaviour in those pages. (I mentioned "nearly every case" above, as I found 17 pages in which the attribute value is broken in some other way -- bad markup -- and this change will not fix that. There were no cases where I could identify any unexpected or surprising behaviour change from this fix.)

Re: interop: whitespace in the allow attribute is (at least according to the bug report) already handled correctly in both Firefox and Safari.

Ian
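
The behaviour change described in the post above, as an added example that is not part of the original message and is not Chromium's parser code: a simplified JavaScript model that tokenises an "allow" value once with only U+0020 as a separator and once with HTML's full ASCII whitespace set, then reports the features that become recognised. The function names and the feature-name pattern are assumptions made for illustration.

```javascript
// Simplified model of "allow" attribute tokenising; not Chromium's parser code.
const SPACE_ONLY = " ";
const ASCII_WHITESPACE = " \t\n\f\r"; // HTML's ASCII whitespace set

// Split `text` on runs of any character in `separators`, dropping empty tokens.
function tokenize(text, separators) {
  const tokens = [];
  let current = "";
  for (const ch of text) {
    if (separators.includes(ch)) {
      if (current) tokens.push(current);
      current = "";
    } else {
      current += ch;
    }
  }
  if (current) tokens.push(current);
  return tokens;
}

// Assumption: a feature name is lowercase letters, digits and hyphens.
const FEATURE_NAME = /^[a-z0-9-]+$/;

// Feature names recognised in an allow value for a given separator set.
function recognizedFeatures(allowValue, separators) {
  const features = [];
  for (const declaration of allowValue.split(";")) {
    const [name] = tokenize(declaration, separators);
    if (name !== undefined && FEATURE_NAME.test(name)) features.push(name);
  }
  return features;
}

// Features that only take effect once newlines, tabs and form feeds
// are accepted as token separators.
function newlyRecognized(allowValue) {
  const before = new Set(recognizedFeatures(allowValue, SPACE_ONLY));
  return recognizedFeatures(allowValue, ASCII_WHITESPACE).filter((f) => !before.has(f));
}

// The attribute value from the post, with its line breaks preserved.
const SAMPLE =
  "accelerometer;\n       autoplay; clipboard-write; encrypted-media; gyroscope;\n" +
  "       picture-in-picture; web-share";

console.log(newlyRecognized(SAMPLE));
```

Running `newlyRecognized` over the `allow` values on a site's own iframes lists the features that embedded frames will start receiving once the fix ships, which is the set worth reviewing against what each frame is meant to be granted.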