Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
866 views
in Technique[技术] by (71.8m points)

google chrome - Chromium's XSS auditor refused to execute a script

This is a message from the Chrome Inspector:

The XSS Auditor refused to execute a script in http://localhost/Disposable Working NOTAS.php because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.

... I have a couple dozen websites sitting on localhost on my notebook which I use for a big part of my workflow, and in the last couple days, after an updated Chrome changed something, pretty much all the websites' textareas' content is not being saved to file anymore.

The code which was saving edits I made, is uniformly broken; I enter new text, click on save and my browser, instead of executing the file~writing subroutines in the script for the webpage I am working in, simply opens a new blank page. If I then hit the back button, the textarea still shows the freshly added content, but in the file, no changes are being appended.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

If you'd like to tell Chrome to disable its XSS protection, you can send an X-XSS-Protection header with a value of 0. Since you appear to be using PHP, you'd add this somewhere where it'll always be executed before any content has been output:

header("X-XSS-Protection: 0");

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...