如何在现代浏览器中临时禁用XSS保护以进行测试? [英] How to temporarily disable XSS protection in modern browsers for testing?
本文介绍了如何在现代浏览器中临时禁用XSS保护以进行测试?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
是否可以临时禁用在现代浏览器中用于测试目的的XSS保护?
我试图向同事解释当一个人发送给一个XSS易受攻击的web表单:
< script> alert(Danger);< / script>
然而,似乎Chrome和Firefox都阻止了XSS弹出窗口。我可以禁用这种保护措施,以便我可以完全看到我的行为结果吗?
在Chrome中有一个标志,可以启动浏览器。如果你用这个标志启动浏览器,你可以做你想做的事: - disable-web-security
Is it possible to temporarily disable the XSS protection found in modern browsers for testing purposes?
I'm trying to explain to a co-worker what happens when one sends this to an XSS-vulnerable web form:
<script>alert("Danger");</script>
However, it appears that both Chrome and Firefox are preventing the XSS popup. Can I disable this protection so I can fully see the results of my actions?
解决方案
In Chrome there is a flag with which you can start the browser. If you start the browser with this flag, you can do what you want:
--disable-web-security
这篇关于如何在现代浏览器中临时禁用XSS保护以进行测试?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文