Chromium的XSS审计员拒绝执行脚本 [英] Chromium's XSS auditor refused to execute a script
问题描述
这是Chrome Inspector的消息:
XSS审计程序拒绝执行
<$ c中的脚本$ c> http:// localhost / Disposable工作NOTAS.php
,因为它的源代码是在请求中找到的。
由于服务器既没有发送
也没有发送'X-XSS-Protection'和'Content-Security-Policy'头部,所以审计程序已启用。
...我的笔记本上有几个网站坐在本地主机上,我使用它作为我工作流程的一个重要部分,在最近几天,Chrome更新了某些内容后,所有网站的textareas的内容都不会被保存到文件中。
保存编辑的代码被统一破解;我输入新文本,在 save 和我的浏览器上单击
,而不是在脚本
中为我正在工作的网页执行文件〜编写子例程,只需打开一个新文件空白页。如果我点击后面的
按钮,textarea仍会显示新添加的内容,但是在文件中,不会添加任何
更改。 >解决方案
如果您想要让Chrome禁用其XSS保护功能,您可以发送 X-XSS-Protection 0 的值。由于您似乎正在使用PHP,因此您可以将其添加到某处,以便在输出任何内容之前始终执行此操作:
$ b
标题(X-XSS-Protection:0);
This is a message from the Chrome Inspector:
The XSS Auditor refused to execute a script in
http://localhost/Disposable Working NOTAS.phpbecause its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
... I have a couple dozen websites sitting on localhost on my notebook which I use for a big part of my workflow, and in the last couple days, after an updated Chrome changed something, pretty much all the websites' textareas' content is not being saved to file anymore.
The code which was saving edits I made, is uniformly broken; I enter new text, click on save and my browser, instead of executing the file~writing subroutines in the script for the webpage I am working in, simply opens a new blank page. If I then hit the back button, the textarea still shows the freshly added content, but in the file, no changes are being appended.
If you'd like to tell Chrome to disable its XSS protection, you can send an X-XSS-Protection header with a value of 0. Since you appear to be using PHP, you'd add this somewhere where it'll always be executed before any content has been output:
header("X-XSS-Protection: 0");
这篇关于Chromium的XSS审计员拒绝执行脚本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
