Chrome: ERR_BLOCKED_BY_XSS_AUDITOR details


Problem description




I'm getting this Chrome flag when trying to post and then get a simple form.

The problem is that the Developer Console shows nothing about this and I cannot find the source of the problem by myself.

Is there any option for looking at this in more detail? View the piece of code triggering the error for fixing it...

Solution

Chrome v58 might or might not fix your issue... It really depends on what you're actually POSTing. For example, if you're trying to POST some raw HTML/XML data within an input/select/textarea element, your request might still be blocked by the auditor.

In the past few days I hit this issue in two different scenarios: a WYSIWYG client-side editor and an interactive upload form featuring some kind of content preview. I managed to fix them both by base64-encoding the raw HTML before POSTing it, then decoding it on the receiving PHP page. This will most likely fix the issue and, most importantly, increase the developer's awareness level regarding the data coming from POST requests, hopefully pushing them into adopting effective data encoding/decoding strategies and strengthening their web application against XSS-type attacks.

To base64-encode your content on the client side you can either use the native btoa() function, which is supported by most browsers nowadays, or a third-party alternative such as a jQuery plugin (I ended up using this, which worked ok).

To base64-decode the POST data you can then use PHP's base64_decode(str) function, ASP.NET's Convert.FromBase64String(str) or anything else (depending on your server-side scenario).

For further info regarding this topic I also suggest you read this post.
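
The round trip described in the answer above, as an added example that is not part of the original answer: it encodes editor HTML with `btoa()` in a UTF-8-safe way, decodes it strictly on the receiving side, and escapes it before it is echoed into a page, since base64 only changes the transport form and the decoded HTML is still untrusted. The function names are hypothetical, and the receiving side is modelled in JavaScript rather than PHP so the whole exchange runs in one file.

```javascript
// Added example: base64 transport of editor HTML plus output escaping.
// All function names are hypothetical; the sample input in the usage below is constructed.

// Client side. Plain btoa(html) throws InvalidCharacterError as soon as the
// string contains a code point above U+00FF, so encode to UTF-8 bytes first.
function encodeHtmlForPost(html) {
  const bytes = new TextEncoder().encode(html);
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary);
}

// Receiving side (stands in for PHP's base64_decode). Reject anything that is
// not canonical base64 or not valid UTF-8 instead of decoding it leniently.
const BASE64_RE =
  /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;

function decodePostedHtml(b64) {
  if (typeof b64 !== "string" || !BASE64_RE.test(b64)) {
    throw new Error("field is not canonical base64");
  }
  const binary = atob(b64);
  const bytes = Uint8Array.from(binary, (c) => c.charCodeAt(0));
  return new TextDecoder("utf-8", { fatal: true }).decode(bytes);
}

// Escape for an HTML text or quoted-attribute context. Use this whenever the
// decoded value is shown as text (for example in a preview of the source).
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Usage with a constructed sample containing non-Latin-1 characters.
const posted = encodeHtmlForPost('<p title="é">Prix: 5 € ✓</p>');
const received = decodePostedHtml(posted);
console.log(posted, "->", escapeHtml(received));
```

If the decoded HTML has to be rendered as markup rather than shown as text, it needs an allow-list HTML sanitizer on the server instead of `escapeHtml`.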
