如何在现代浏览器中临时禁用XSS保护以进行测试？ [英] How to temporarily disable XSS protection in modern browsers for testing?

问题描述

是否可以临时禁用在现代浏览器中用于测试目的的XSS保护？

我试图向同事解释当一个人发送给一个XSS易受攻击的web表单：

 < script> alert（Danger）;< / script> 
  

然而，似乎Chrome和Firefox都阻止了XSS弹出窗口。我可以禁用这种保护措施，以便我可以完全看到我的行为结果吗？

在Chrome中有一个标志，可以启动浏览器。如果你用这个标志启动浏览器，你可以做你想做的事：

   -  disable-web-security 
  

Is it possible to temporarily disable the XSS protection found in modern browsers for testing purposes?

I'm trying to explain to a co-worker what happens when one sends this to an XSS-vulnerable web form:

<script>alert("Danger");</script>

However, it appears that both Chrome and Firefox are preventing the XSS popup. Can I disable this protection so I can fully see the results of my actions?

解决方案

In Chrome there is a flag with which you can start the browser. If you start the browser with this flag, you can do what you want:

--disable-web-security 

这篇关于如何在现代浏览器中临时禁用XSS保护以进行测试？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！